Log analysis and evaluation: Windows Vista very slow, sometimes no longer boots at all
03.08.2015, 11:10 | #1 |
Windows Vista very slow, sometimes no longer boots at all

Hello everyone, a few weeks ago I restored my laptop with your help. Now my parents' PC needs to be got running again as well. When you switch it on, it sometimes freezes and does nothing at all; you don't even get to the login screen. Sometimes it only shows a blue screen and nothing happens at all. On the second attempt it then always asks whether you want to start in safe mode or start Windows normally. It also takes a very long time to open windows (e.g. Firefox, Windows Explorer or other programs). I ran Defogger, FRST and GMER. The corresponding logs follow below.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
durchgeführt von RM-Desktop (Administrator) auf RM-DESKTOP-PC (03-08-2015 11:06:52)
Gestartet von C:\Users\RM-Desktop\Downloads
Geladene Profile: RM-Desktop (Verfügbare Profile: RM-Desktop)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Windows\System32\GManager.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(CyberLink) C:\Windows\System32\CLWatson.exe
() C:\Windows\System32\U2VSvr.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
(CyberLink) C:\Windows\System32\CLWatson.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Creative Technology Ltd) C:\Users\RM-Desktop\ZEN Media Explorer\CTCheck.exe
() C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(AVM Berlin) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Magic Control Technology Corporation) C:\Windows\System32\MTri1+.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor) HKLM\...\Run: [CTCheck] => C:\Users\RM-Desktop\ZEN Media Explorer\CTCheck.exe [397312 2007-11-06] (Creative Technology Ltd) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [Util] => C:\Windows\system32\Util.exe [188416 2010-12-28] () HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] () HKLM\...\Run: [hpqSRMon] => [X] HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-03] (AVAST Software) HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-03] (AVAST Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: HKU\S-1-5-21-1429313419-2184147580-785989940-1001 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Keine Datei SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> Keine Datei BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14] (Microsoft Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) 
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{119504D0-DC28-4144-B905-3666D127E1D6}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4BDB51C4-8E13-407C-8AD5-18E47FD8CD98}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{8E614F48-0BA0-4011-9244-46BB3CF3D5F8}: [DhcpNameServer] 217.0.43.129 192.168.0.1 Tcpip\..\Interfaces\{EEC66F08-4D55-41DF-A37C-0DC3B64F102E}: [DhcpNameServer] 217.0.43.129 192.168.0.1 Tcpip\..\Interfaces\{F70DB2E7-9BF0-4374-85E7-2B97808DF6A4}: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll [2008-07-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\user.js [2010-02-28] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\searchplugins\ask-search.xml [2013-07-29] FF SearchPlugin: C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\searchplugins\avira-safesearch.xml [2015-02-26] FF Extension: Avira Browser Safety - C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\Extensions\abs@avira.com [2015-07-06] FF Extension: Avira SafeSearch - C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\Extensions\safesearch@avira.com [2015-06-22] FF Extension: Microsoft .NET Framework Assistant - C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-30] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-27] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-04] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03] FF HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF 
HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-03] (Avast Software) R2 GManager; C:\Windows\system32\GManager.exe [210296 2010-11-13] () R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) 
[Datei ist nicht signiert] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-11-22] () R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [237638 2008-06-03] () [Datei ist nicht signiert] R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [360538 2008-06-03] () [Datei ist nicht signiert] R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [131160 2008-06-03] () [Datei ist nicht signiert] R2 U2VSvr; C:\Windows\system32\U2VSvr.exe [192512 2011-03-02] () [Datei ist nicht signiert] S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-03] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-03] (AVAST Software) S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-03] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-03] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-03] (AVAST Software) R3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-03] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-03] (AVAST Software) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2008-11-20] () [Datei ist nicht signiert] S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2012-04-25] (AVM Berlin) [Datei ist nicht signiert] R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [1244160 2012-07-23] (AVM GmbH) S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2008-11-20] () [Datei ist nicht signiert] R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-03] (AVAST Software) R3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908832 2007-07-30] (NXP Semiconductors Germany GmbH) S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [329728 2007-05-11] (Ralink Technology Corp.) R3 T1PExGrp; C:\Windows\System32\DRIVERS\T1PExGrp.sys [30080 2010-01-20] (Magic Control Technology Corp.) R3 T1PMrGrp; C:\Windows\System32\DRIVERS\T1PMrGrp.sys [30720 2010-01-20] (Magic Control Technology Corp.) S3 t1pusb; C:\Windows\System32\drivers\t1pusb.sys [131328 2011-01-31] (Magic Control Technology Corp.) 
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-03] (Avast Software) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-03 11:06 - 2015-08-03 11:08 - 00016987 _____ C:\Users\RM-Desktop\Downloads\FRST.txt 2015-08-03 11:03 - 2015-08-03 11:03 - 00050477 _____ C:\Users\RM-Desktop\Downloads\Defogger(1).exe 2015-08-03 11:00 - 2015-08-03 11:07 - 00000000 ____D C:\FRST 2015-08-03 10:57 - 2015-08-03 10:59 - 01673728 _____ (Farbar) C:\Users\RM-Desktop\Downloads\FRST.exe 2015-08-03 10:53 - 2015-08-03 10:53 - 00000000 ____D C:\Windows\system32\vbox 2015-08-03 10:52 - 2015-08-03 10:52 - 00000000 ____D C:\Users\RM-Desktop\AppData\Roaming\AVAST Software 2015-08-03 10:50 - 2015-08-03 10:50 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-03 10:50 - 2015-08-03 10:50 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00055200 _____ (AVAST 
Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-08-03 10:50 - 2015-08-03 10:50 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00001833 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-08-03 10:50 - 2015-08-03 10:49 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-03 10:50 - 2015-08-03 10:49 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-03 10:46 - 2015-08-03 10:46 - 00000000 ____D C:\Program Files\AVAST Software 2015-08-03 10:36 - 2015-08-03 10:42 - 00008312 _____ C:\Windows\PFRO.log 2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 _____ C:\Windows\setuperr.log 2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 _____ C:\Windows\setupact.log 2015-08-03 10:16 - 2015-08-03 10:16 - 05499960 _____ (Avast Software s.r.o.) C:\Users\RM-Desktop\Downloads\avast_free_antivirus_setup_online.exe 2015-08-03 10:16 - 2015-08-03 10:16 - 05499960 _____ (Avast Software s.r.o.) 
C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe 2015-07-30 11:50 - 2015-07-30 11:51 - 00143776 _____ C:\Windows\Minidump\Mini073015-01.dmp 2015-07-29 08:37 - 2015-07-30 11:50 - 154323196 _____ C:\Windows\MEMORY.DMP 2015-07-29 08:37 - 2015-07-29 08:37 - 00135392 _____ C:\Windows\Minidump\Mini072915-01.dmp 2015-07-21 09:26 - 2015-07-14 18:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-21 09:26 - 2015-07-14 16:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-20 17:40 - 2015-08-03 11:08 - 00000456 _____ C:\Users\RM-Desktop\Downloads\defogger_disable.log 2015-07-20 17:40 - 2015-07-20 17:40 - 00000000 _____ C:\Users\RM-Desktop\defogger_reenable 2015-07-20 17:39 - 2015-07-20 17:39 - 00050477 _____ C:\Users\RM-Desktop\Downloads\Defogger.exe 2015-07-15 08:55 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 08:55 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 08:54 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 08:54 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 08:54 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 08:48 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 08:47 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 08:47 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 08:47 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 08:47 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-07-15 08:47 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 08:47 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 08:47 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-15 08:47 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 08:30 - 2015-07-02 17:37 - 06009856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-15 08:30 - 2015-07-02 15:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-15 08:30 - 2015-06-17 07:26 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-07-15 08:30 - 2015-06-17 07:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-15 08:30 - 2015-06-17 07:21 - 00727552 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 11085312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2015-07-15 08:30 - 2015-06-17 06:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-15 08:30 - 2015-06-17 04:58 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-15 08:30 - 2015-06-17 04:58 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-07-15 08:30 - 2015-06-17 04:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-07-15 08:02 - 2015-07-15 08:02 - 00000000 ___RD 
C:\Users\RM-Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Systemsteuerung 2015-07-13 09:01 - 2015-07-13 17:43 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-07-11 10:24 - 2015-07-30 11:50 - 00000000 ____D C:\Windows\Minidump ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-03 10:49 - 2008-11-19 21:43 - 01172254 _____ C:\Windows\WindowsUpdate.log 2015-08-03 10:49 - 2006-11-02 12:33 - 01702158 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-03 10:44 - 2013-06-24 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-03 10:43 - 2011-10-27 17:03 - 00002726 _____ C:\Windows\system32\GManager.ini 2015-08-03 10:43 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-03 10:43 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-03 10:43 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-03 10:42 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-03 10:36 - 2013-07-29 11:41 - 00000000 ____D C:\Program Files\Avira 2015-07-21 14:08 - 2006-11-02 14:47 - 00260704 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-15 08:54 - 2013-08-18 15:14 - 00000000 ____D C:\Windows\system32\MRT 2015-07-15 08:44 - 2012-07-03 08:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-07-15 08:44 - 2012-07-03 08:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-07-13 17:43 - 2012-07-09 11:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2009-08-26 08:28 - 2009-08-26 08:28 - 0000000 _____ () C:\Users\RM-Desktop\AppData\Roaming\Default.PLS 
2009-01-03 10:38 - 2013-12-29 19:00 - 0006836 _____ () C:\Users\RM-Desktop\AppData\Local\d3d9caps.dat 2009-12-24 17:53 - 2013-01-03 18:51 - 0010240 _____ () C:\Users\RM-Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-23 17:52 - 2009-12-23 17:52 - 0000098 _____ () C:\Users\RM-Desktop\AppData\Local\fusioncache.dat 2008-11-28 19:11 - 2010-05-04 10:19 - 0001914 _____ () C:\ProgramData\hpzinstall.log Einige Dateien in TEMP: ==================== C:\Users\RM-Desktop\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-03 10:50 ==================== Ende vom log ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
durchgeführt von RM-Desktop (2015-08-03 11:08:42)
Gestartet von C:\Users\RM-Desktop\Downloads
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1429313419-2184147580-785989940-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1429313419-2184147580-785989940-1003 - Limited - Enabled)
Gast (S-1-5-21-1429313419-2184147580-785989940-501 - Limited - Disabled)
RM-Desktop (S-1-5-21-1429313419-2184147580-785989940-1001 - Administrator - Enabled) => C:\Users\RM-Desktop

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AudibleManager (HKLM\...\AudibleManager) (Version: -2.2002344839.2002344277.4528520 - Audible, Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software) AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden ccc-core-static (Version: 2008.0731.2322.39992 - Ihr Firmenname) Hidden Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation) Creative Systeminformationen (HKLM\...\SysInfo) (Version: - ) Creative ZEN (HKLM\...\{D24DDB61-8868-46CF-BC36-BECC1674F0C1}) (Version: 1.0 - ) CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden CyberLink TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 1.5.5403 - CyberLink Corp.) 
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DJ_AIO_03_F4200_Software (Version: 110.0.223.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4200_Software_Min (Version: 110.0.223.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4220_ProductContext (Version: 110.0.223.000 - Hewlett-Packard) Hidden eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden F4200 (Version: 110.0.223.000 - Ihr Firmenname) Hidden F4220_Help (Version: 110.0.223.000 - Hewlett-Packard) Hidden GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP) HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP) HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP) HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 110.0.180.000 - Hewlett-Packard) Hidden Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden MakeDisc (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.0.2601 - CyberLink Corp.) 
MarketResearch (Version: 110.0.180.000 - Hewlett-Packard) Hidden MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - ) Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30716.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MSVCSetup (Version: 1.00.0000 - HP) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Need for Speed™ Undercover (HKLM\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts) Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation) PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.2.2504 - CyberLink Corp.) 
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.) Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP) Skins (Version: 2008.0731.2322.39992 - ATI) Hidden SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden USB Display Device (Trigger 1+) 11.03.0315.0159 (HKLM\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 11.03.0315.0159 - MCT Corp.) VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden Windows Live Fotogalerie (HKLM\...\{A1D08B90-AE1A-4885-AC29-731496FD397E}) (Version: 12.0.1347.0718 - Microsoft Corporation) Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation) Windows Live Mail (HKLM\...\{82F2B38B-1426-443D-874C-AC25675E7BEB}) (Version: 12.0.1606.1023 - Microsoft Corporation) Windows Live Messenger (HKLM\...\{2B091530-69AA-442E-AB09-39ED06B58220}) (Version: 8.5.1302.1018 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM\...\{0ED47137-C071-46CC-A243-E5E33271E10E}) (Version: 5.000.742.2 - Microsoft Corporation) Windows Live Writer (HKLM\...\{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}) (Version: 12.0.1370.0325 - Microsoft Corporation) Windows Vista Demo Screen Saver (HKLM\...\{8A5323B7-45CB-48AB-B7E3-1C22BA63DA4C}) (Version: 1.1.1 - Ventuz Technology) X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - ) ZENcast Organizer (HKLM\...\ZENcast Organizer) (Version: - ) ==================== Benutzerdefinierte CLSID 
(Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) ==================== Wiederherstellungspunkte ========================= 21-07-2015 08:51:01 Windows Update 21-07-2015 09:26:05 Windows Update 27-07-2015 18:39:07 Windows Update 03-08-2015 10:16:28 Windows Update 03-08-2015 10:32:50 avast! antivirus system restore point 03-08-2015 10:40:12 avast! antivirus system restore point 03-08-2015 10:45:51 avast! antivirus system restore point ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {97A3FCCE-E4DE-4A99-B75F-820C77DBC7F1} - \GlaryInitialize No Task File <==== ACHTUNG Task: {BA26A5D2-B1BF-43B3-99B3-5F27BFED6C1C} - System32\Tasks\{B8872F67-75B8-4E7A-85A3-183A467C48E5} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {C0D44455-D752-41A8-9239-83A838BD7036} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-03] (AVAST Software) Task: {F49D86EA-3238-4ED1-B514-051FBF41C6A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2011-10-27 17:02 - 2010-11-13 16:39 - 00210296 _____ () C:\Windows\system32\GManager.exe 2008-11-22 22:04 - 2008-11-22 22:04 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe 2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe 2008-08-28 14:55 - 2008-06-03 18:38 - 00237638 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2008-09-24 07:58 - 2008-06-03 18:36 - 00360538 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe 2008-09-24 07:58 - 2008-06-03 18:36 - 00094208 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll 2008-09-24 07:58 - 2008-06-03 18:37 - 00274527 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll 2008-09-24 07:58 - 2008-06-03 18:37 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll 2011-10-27 18:05 - 2011-03-02 15:21 - 00192512 _____ () C:\Windows\system32\U2VSvr.exe 2008-09-24 07:58 - 2008-06-03 18:36 - 00131160 _____ () C:\Program 
Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe 2008-09-24 07:58 - 2008-06-03 18:37 - 00118873 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll 2008-09-24 07:58 - 2008-06-03 18:36 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll 2008-08-01 06:47 - 2008-08-01 06:47 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2007-10-30 19:52 - 2007-10-30 19:52 - 00016200 _____ () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 2008-08-28 12:48 - 2008-08-28 12:48 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2015-08-03 10:50 - 2015-08-03 10:50 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-03 10:49 - 2015-08-03 10:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-03 10:50 - 2015-08-03 10:50 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080201\algo.dll 2015-08-03 10:50 - 2015-08-03 10:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\RM-Desktop\Documents\Sozialversicherungsausweis.pdf.eml:OECustomProperty ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer trusted/restricted =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: D-Link AirPlus G => C:\Program Files\D-Link\AirPlus G\AirGCFG.exe MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 MSCONFIG\startupreg: TVEService => "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe" ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{42BFCE11-A8B6-4689-8AAA-6016CA08E3E5}] => (Allow) C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe FirewallRules: [{DFB7CCFC-C189-47B0-8B2F-31635A18C916}] => (Allow) C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE FirewallRules: [{BBA4DC03-110E-4251-B3DA-596080E7EF6A}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe FirewallRules: [{2E16633E-7179-4F17-BC9B-A9BEC94D277E}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe FirewallRules: [{D8C3F17C-B4EA-4309-9662-087779809D75}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{73C16474-5A17-4416-9170-70025A0E4C15}] => (Allow) svchost.exe FirewallRules: [{9FBFC665-A6BB-473C-99C4-495751F22B4F}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe FirewallRules: [{7B67B081-3D9A-4D9D-ADB4-FFE856C0736B}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{EAD0E17E-5CF9-4DBF-85DA-52B0843AC137}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{629FAC1C-F414-4A03-AED0-E3A40242396E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{FA756A3E-3FFE-4703-8F77-C767335E15DD}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{6F183544-C84D-4549-B937-A628E94ED9FA}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: 
[{78CFAFF3-8E18-48DD-8496-6572274D255A}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: [{619F2D15-2E97-4247-B9BF-151C42E95D12}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{6F6C486A-85C5-45B5-9CFF-2C99E6464152}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{51183281-88BF-4565-91EF-1942D5DA955E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{E7B104D7-2660-4110-BF0C-249A6A0DBDED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A7318A23-B825-4263-86AB-08ACD295AB90}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{99A55A5A-E195-418B-A6A9-17E66A3722F5}] => (Allow) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe FirewallRules: [{ADEEEE90-AC4A-4B98-B4EF-EADEBE2971B2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{2CFE7CEA-B96C-4A45-AC78-D4F4A7DF8830}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{BFCFC905-8D73-41DF-A47B-8C5F11DD0581}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{3B00BB65-A5BB-4D9D-8B89-B2A19CB81C69}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{7673E5C5-E514-4000-836A-6A60EFCCEA42}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [TCP Query User{3B58FA1F-0BD7-45E1-AB8D-1B9D7F887612}C:\program files\anno 1701\anno1701.exe] => (Allow) C:\program files\anno 1701\anno1701.exe FirewallRules: [UDP Query User{46B29BA0-674A-42EA-8613-1DF1F03783F6}C:\program files\anno 1701\anno1701.exe] => (Allow) C:\program files\anno 1701\anno1701.exe FirewallRules: [{2C4C7D04-D3ED-4B68-9D9D-F6D6837E8FD8}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{6EBC2069-1851-4634-AE43-355ED3DC4C90}] => (Allow) C:\Program 
Files\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2D4DF306-9962-4CF9-B4E5-2CB472A89AD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{99B0F2FC-1795-485C-9658-17B2E77329C4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe FirewallRules: [{D21464BA-8CB5-4DAF-AAE6-7ED3CFA7E28A}] => (Allow) LPort=80 FirewallRules: [{CF15F0E4-C8E6-4666-A43D-DD7FFFD36084}] => (Allow) LPort=80 FirewallRules: [{73640FA0-E48E-4B27-A147-78FB4E83621C}] => (Allow) LPort=80 FirewallRules: [TCP Query User{199B42BD-275F-4552-9B61-4B38DAB73BAE}C:\program files\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files\microsoft games\age of empires ii\empires2.icd FirewallRules: [UDP Query User{D1A395E8-FB2D-4A18-BFC5-5F3005A73548}C:\program files\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files\microsoft games\age of empires ii\empires2.icd FirewallRules: [TCP Query User{6E47C2AB-2941-4AD8-9828-06B302FA002A}C:\program files\anno 1701\anno1701.exe] => (Block) C:\program files\anno 1701\anno1701.exe FirewallRules: [UDP Query User{A14A63AD-3EDF-4437-BEC6-7E15304BF2FA}C:\program files\anno 1701\anno1701.exe] => (Block) C:\program files\anno 1701\anno1701.exe FirewallRules: [{BC354DE2-C396-4607-9D43-A57393A4AE37}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{089D1832-B079-4EE9-ABEF-7EA05C6652D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{B507B4DD-7915-40B1-AB63-DC96D6CDDCFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7407C812-6832-42C3-9DB5-F463BA31714C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3A0D60DB-401A-428F-B9B8-BAB68FC09589}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{6CA8D421-EEC8-4FE2-B290-C9A532583888}] => (Allow) 
C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{21673BA6-B858-482D-A3A7-D680E9AFC503}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/03/2015 10:45:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {015fda51-8ba5-4811-af9c-384f4960e711} Error: (08/03/2015 10:44:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 10:40:10 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {899ac2cd-cb57-4d1f-ab0e-59f62bef5d81} Error: (08/03/2015 10:38:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 10:32:50 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {42df4b4e-fcbb-4a65-be89-2dd47fc90aaa} Error: (08/03/2015 10:07:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2015 05:59:07 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (07/30/2015 05:33:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2015 11:52:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2015 10:37:16 AM) (Source: 
WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (08/03/2015 10:44:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (08/03/2015 10:44:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (08/03/2015 10:38:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (08/03/2015 10:38:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (08/03/2015 10:08:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (08/03/2015 10:08:32 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (07/30/2015 05:33:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (07/30/2015 05:33:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (07/30/2015 11:52:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (07/30/2015 11:52:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Microsoft Office: ========================= Error: (08/03/2015 10:45:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {015fda51-8ba5-4811-af9c-384f4960e711} Error: (08/03/2015 10:44:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 10:40:10 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {899ac2cd-cb57-4d1f-ab0e-59f62bef5d81} Error: (08/03/2015 10:38:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 10:32:50 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {42df4b4e-fcbb-4a65-be89-2dd47fc90aaa} Error: (08/03/2015 10:07:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2015 05:59:07 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (07/30/2015 05:33:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2015 11:52:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2015 10:37:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz Percentage of memory in use: 67% Total physical RAM: 2046.58 MB Available physical RAM: 665.84 MB Total Virtual: 4334.38 MB Available Virtual: 2678.04 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:218.24 GB) (Free:169.09 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (RECOVER) (Fixed) (Total:14.63 GB) (Free:3.32 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 2BAB359D) Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended) ==================== Ende vom log ============================ Code:
Tuuli |
03.08.2015, 11:37 | #2 |
/// the machine /// TB trainer | Windows Vista very slow, sometimes does not boot at all
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
03.08.2015, 12:17 | #3 |
| Windows Vista very slow, sometimes does not boot at all
Malwarebytes Anti-Rootkit found nothing.
TDSSKiller found something: Code:
ATTFilter 13:10:27.0951 0x14c8 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 13:10:33.0581 0x14c8 ============================================================ 13:10:33.0582 0x14c8 Current date / time: 2015/08/03 13:10:33.0581 13:10:33.0582 0x14c8 SystemInfo: 13:10:33.0582 0x14c8 13:10:33.0582 0x14c8 OS Version: 6.0.6002 ServicePack: 2.0 13:10:33.0582 0x14c8 Product type: Workstation 13:10:33.0582 0x14c8 ComputerName: RM-DESKTOP-PC 13:10:33.0582 0x14c8 UserName: RM-Desktop 13:10:33.0583 0x14c8 Windows directory: C:\Windows 13:10:33.0583 0x14c8 System windows directory: C:\Windows 13:10:33.0583 0x14c8 Processor architecture: Intel x86 13:10:33.0583 0x14c8 Number of processors: 2 13:10:33.0583 0x14c8 Page size: 0x1000 13:10:33.0583 0x14c8 Boot type: Normal boot 13:10:33.0583 0x14c8 ============================================================ 13:10:35.0087 0x14c8 KLMD registered as C:\Windows\system32\drivers\82783419.sys 13:10:35.0772 0x14c8 System UUID: {610102CA-F571-7BA0-61DD-2DB4110DEC3B} 13:10:37.0145 0x14c8 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:10:37.0212 0x14c8 ============================================================ 13:10:37.0212 0x14c8 \Device\Harddisk0\DR0: 13:10:37.0213 0x14c8 MBR partitions: 13:10:37.0213 0x14c8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B479000 13:10:37.0239 0x14c8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x1B47983F, BlocksNum 0x1D4AD42 13:10:37.0240 0x14c8 ============================================================ 13:10:37.0285 0x14c8 C: <-> \Device\Harddisk0\DR0\Partition1 13:10:37.0286 0x14c8 D: <-> \Device\Harddisk0\DR0\Partition2 13:10:37.0286 0x14c8 ============================================================ 13:10:37.0286 0x14c8 Initialize success 13:10:37.0286 0x14c8 
============================================================ 13:11:47.0790 0x13d4 ============================================================ 13:11:47.0790 0x13d4 Scan started 13:11:47.0790 0x13d4 Mode: Manual; SigCheck; TDLFS; 13:11:47.0791 0x13d4 ============================================================ 13:11:47.0791 0x13d4 KSN ping started 13:12:01.0188 0x13d4 KSN ping finished: true 13:12:01.0890 0x13d4 ================ Scan system memory ======================== 13:12:01.0890 0x13d4 System memory - ok 13:12:01.0891 0x13d4 ================ Scan services ============================= 13:12:02.0169 0x13d4 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys 13:12:02.0330 0x13d4 ACPI - ok 13:12:02.0428 0x13d4 [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:12:02.0460 0x13d4 AdobeFlashPlayerUpdateSvc - ok 13:12:02.0555 0x13d4 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:12:02.0591 0x13d4 adp94xx - ok 13:12:02.0647 0x13d4 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:12:02.0678 0x13d4 adpahci - ok 13:12:02.0703 0x13d4 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 13:12:02.0724 0x13d4 adpu160m - ok 13:12:02.0753 0x13d4 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:12:02.0774 0x13d4 adpu320 - ok 13:12:02.0826 0x13d4 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 
200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:12:02.0943 0x13d4 AeLookupSvc - ok 13:12:02.0994 0x13d4 [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD C:\Windows\system32\drivers\afd.sys 13:12:03.0051 0x13d4 AFD - ok 13:12:03.0144 0x13d4 [ 5D97943C128ED756D1B0A08302C1B1F8, BE7C390B12EB38B0174C55F5459ECA44DC0521277475EF8E6C59E0DE407096EA ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 13:12:03.0364 0x13d4 AgereSoftModem - ok 13:12:03.0412 0x13d4 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:12:03.0434 0x13d4 agp440 - ok 13:12:03.0487 0x13d4 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 13:12:03.0509 0x13d4 aic78xx - ok 13:12:03.0552 0x13d4 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe 13:12:03.0637 0x13d4 ALG - ok 13:12:03.0657 0x13d4 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys 13:12:03.0685 0x13d4 aliide - ok 13:12:03.0718 0x13d4 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys 13:12:03.0748 0x13d4 amdagp - ok 13:12:03.0767 0x13d4 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys 13:12:03.0795 0x13d4 amdide - ok 13:12:03.0836 0x13d4 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 13:12:03.0922 0x13d4 AmdK7 - ok 13:12:03.0952 0x13d4 [ 
93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:12:04.0030 0x13d4 AmdK8 - ok 13:12:04.0087 0x13d4 [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo C:\Windows\System32\appinfo.dll 13:12:04.0146 0x13d4 Appinfo - ok 13:12:04.0179 0x13d4 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys 13:12:04.0209 0x13d4 arc - ok 13:12:04.0238 0x13d4 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:12:04.0269 0x13d4 arcsas - ok 13:12:04.0394 0x13d4 [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:12:04.0429 0x13d4 aspnet_state - ok 13:12:04.0473 0x13d4 [ D358A8946FC76F9B8564CB424A4D6921, CCF6B37B8D5070AF3CBF471E13C43DF1E1E33BDF59ED3B4F0220B28CFC4F8C18 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys 13:12:04.0517 0x13d4 aswHwid - ok 13:12:04.0538 0x13d4 [ 4121974453BB7B823CB0519539995A7A, A3388B61B1F9FA0EEFA1A0F651BCFB60E89BF27E29AE714C196BD3BE52D79DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 13:12:04.0586 0x13d4 aswMonFlt - ok 13:12:04.0630 0x13d4 [ 4D0F2D457D17A16C2A4CD76035638B69, E7FD214333BCCEAD22AE66592CF1355F1F38F838EE888466A9C92C14A58901CC ] aswRdr C:\Windows\system32\drivers\aswRdr.sys 13:12:04.0657 0x13d4 aswRdr - ok 13:12:04.0706 0x13d4 [ 02E5376D5EDFC3869DF9B459AD006949, 7A3A497FEA0B77D4F0910C27A86184CBDEF9A2E537797C0642F21ECDCA9D0830 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 13:12:04.0733 0x13d4 aswRvrt - ok 13:12:04.0788 0x13d4 [ B12C276BC7E4C9FC874C55DDFAEAB8BD, 91A3B83D3937E95F9479BC4E1C8A2AEAF89E2918A4206835B483540023A70B95 ] aswSnx 
C:\Windows\system32\drivers\aswSnx.sys 13:12:04.0897 0x13d4 aswSnx - ok 13:12:04.0943 0x13d4 [ 9CFAB04FDA0A5F6A9698208FB71C0591, 55F17592D5F78BEA6692708AF32BD2736623D3B1EE7329A742BF4E6F6CF60E87 ] aswSP C:\Windows\system32\drivers\aswSP.sys 13:12:05.0019 0x13d4 aswSP - ok 13:12:05.0061 0x13d4 [ D8C3DC246802F43000BCDFC42DDEC282, E80F94BA55B074B9EE0F5B73ECBC13D8201576EEE23B7008B7206631ADA4576A ] aswStmXP C:\Windows\system32\drivers\aswStmXP.sys 13:12:05.0102 0x13d4 aswStmXP - ok 13:12:05.0132 0x13d4 [ B9FC303FD7B3C2752F27A35535E41860, 538BD29521E7633D25544BB560DD7A1DF78F60FE38663B50DA5015183252F3AF ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 13:12:05.0159 0x13d4 aswTdi - ok 13:12:05.0189 0x13d4 [ 8B31DFB7A3BFB59A40086E6749D0AF95, E35983B9803869C5D080F9EC1B4AD43F44E919437A20AB7ACFDFD6BD8E36D348 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 13:12:05.0231 0x13d4 aswVmm - ok 13:12:05.0254 0x13d4 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:12:05.0345 0x13d4 AsyncMac - ok 13:12:05.0380 0x13d4 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys 13:12:05.0410 0x13d4 atapi - ok 13:12:05.0483 0x13d4 [ 8D95C6A8DD5E64D263D52DEC9170E9A2, 1D5C37790AF3BA4E2AA5EE6FBBC756E39ED7E3C54F5B19D7EC12E58354F8FE71 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 13:12:05.0610 0x13d4 Ati External Event Utility - ok 13:12:05.0861 0x13d4 [ ED29ACF556FF827CB35C0D07ED4AB8D0, 545C96220F61752458A5B1E1756A3939A7641C10BB98972FA37A94CFB78BFFD8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:12:06.0136 0x13d4 atikmdag - ok 13:12:06.0197 0x13d4 [ 6E996CF8459A2594E0E9609D0E34D41F, 9B5512A0C9AEFF90BF7837FCFE79C6D25ECE2660BD24828D8C876C73CECDD7B7 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 13:12:06.0260 0x13d4 atksgt - detected UnsignedFile.Multi.Generic ( 1 ) 13:12:11.0300 
0x13d4 Detect skipped due to KSN trusted 13:12:11.0300 0x13d4 atksgt - ok 13:12:11.0375 0x13d4 [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:12:11.0503 0x13d4 AudioEndpointBuilder - ok 13:12:11.0524 0x13d4 [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv C:\Windows\System32\Audiosrv.dll 13:12:11.0571 0x13d4 Audiosrv - ok 13:12:11.0701 0x13d4 [ 4956380A54B1C9E6BFDF3D80DACB9698, 0B0F9807EEF0F3BFE4F862876633D241DBA8F72A1373445976FF388678C4734C ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 13:12:11.0732 0x13d4 avast! Antivirus - ok 13:12:11.0947 0x13d4 [ A4C778C47836C9786C6A648C828DFF2B, 85E070A4C6B4D84EEE5600BA71C9A5E8C051A85033A34BBB5FB1BB56E601E93C ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe 13:12:12.0117 0x13d4 AvastVBoxSvc - ok 13:12:12.0175 0x13d4 [ 263CF9D248FD5E020A1333ED4F7EAA88, 04F944C2B284172A7917389A83C525FA9A3ACB026F370EB886B48759FE81A5E1 ] avmeject C:\Windows\system32\drivers\avmeject.sys 13:12:12.0194 0x13d4 avmeject - detected UnsignedFile.Multi.Generic ( 1 ) 13:12:14.0610 0x13d4 Detect skipped due to KSN trusted 13:12:14.0610 0x13d4 avmeject - ok 13:12:14.0671 0x13d4 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys 13:12:14.0746 0x13d4 Beep - ok 13:12:14.0822 0x13d4 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll 13:12:14.0946 0x13d4 BFE - ok 13:12:15.0054 0x13d4 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\System32\qmgr.dll 13:12:15.0186 0x13d4 BITS - ok 13:12:15.0223 0x13d4 [ D4DF28447741FD3D953526E33A617397, 
E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 13:12:15.0288 0x13d4 blbdrive - ok 13:12:15.0331 0x13d4 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:12:15.0392 0x13d4 bowser - ok 13:12:15.0425 0x13d4 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 13:12:15.0473 0x13d4 BrFiltLo - ok 13:12:15.0493 0x13d4 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 13:12:15.0545 0x13d4 BrFiltUp - ok 13:12:15.0577 0x13d4 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll 13:12:15.0647 0x13d4 Browser - ok 13:12:15.0683 0x13d4 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys 13:12:15.0792 0x13d4 Brserid - ok 13:12:15.0814 0x13d4 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 13:12:15.0917 0x13d4 BrSerWdm - ok 13:12:15.0948 0x13d4 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 13:12:16.0051 0x13d4 BrUsbMdm - ok 13:12:16.0073 0x13d4 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 13:12:16.0158 0x13d4 BrUsbSer - ok 13:12:16.0175 0x13d4 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:12:16.0224 0x13d4 
BTHMODEM - ok 13:12:16.0262 0x13d4 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:12:16.0303 0x13d4 cdfs - ok 13:12:16.0343 0x13d4 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:12:16.0377 0x13d4 cdrom - ok 13:12:16.0432 0x13d4 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll 13:12:16.0473 0x13d4 CertPropSvc - ok 13:12:16.0499 0x13d4 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys 13:12:16.0553 0x13d4 circlass - ok 13:12:16.0615 0x13d4 [ 5D9311526801643000D7032A83B18B12, C5A98868A41446617B3A27C6C4AAFA4E7C093E253E8C1DD5DBFE6FAE21991209 ] CLFS C:\Windows\system32\CLFS.sys 13:12:16.0654 0x13d4 CLFS - ok 13:12:16.0713 0x13d4 [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:12:16.0738 0x13d4 clr_optimization_v2.0.50727_32 - ok 13:12:16.0803 0x13d4 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:12:16.0834 0x13d4 clr_optimization_v4.0.30319_32 - ok 13:12:16.0855 0x13d4 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:12:16.0876 0x13d4 cmdide - ok 13:12:16.0900 0x13d4 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 13:12:16.0921 0x13d4 Compbatt - ok 13:12:16.0929 0x13d4 
COMSysApp - ok 13:12:16.0956 0x13d4 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:12:16.0980 0x13d4 crcdisk - ok 13:12:17.0010 0x13d4 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys 13:12:17.0074 0x13d4 Crusoe - ok 13:12:17.0120 0x13d4 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:12:17.0189 0x13d4 CryptSvc - ok 13:12:17.0258 0x13d4 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:12:17.0368 0x13d4 DcomLaunch - ok 13:12:17.0416 0x13d4 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:12:17.0468 0x13d4 DfsC - ok 13:12:17.0632 0x13d4 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe 13:12:17.0883 0x13d4 DFSR - ok 13:12:17.0950 0x13d4 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 13:12:18.0010 0x13d4 Dhcp - ok 13:12:18.0048 0x13d4 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys 13:12:18.0079 0x13d4 disk - ok 13:12:18.0127 0x13d4 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:12:18.0173 0x13d4 Dnscache - ok 13:12:18.0215 0x13d4 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll 13:12:18.0291 0x13d4 dot3svc - 
ok 13:12:18.0318 0x13d4 [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 13:12:18.0385 0x13d4 Dot4 - ok 13:12:18.0409 0x13d4 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 13:12:18.0477 0x13d4 Dot4Print - ok 13:12:18.0495 0x13d4 [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 13:12:18.0565 0x13d4 dot4usb - ok 13:12:18.0607 0x13d4 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll 13:12:18.0671 0x13d4 DPS - ok 13:12:18.0732 0x13d4 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:12:18.0795 0x13d4 drmkaud - ok 13:12:18.0854 0x13d4 [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:12:18.0900 0x13d4 DXGKrnl - ok 13:12:18.0970 0x13d4 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 13:12:19.0024 0x13d4 E1G60 - ok 13:12:19.0052 0x13d4 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll 13:12:19.0134 0x13d4 EapHost - ok 13:12:19.0193 0x13d4 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys 13:12:19.0214 0x13d4 Ecache - ok 13:12:19.0262 0x13d4 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:12:19.0309 0x13d4 
ehRecvr - ok 13:12:19.0330 0x13d4 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe 13:12:19.0375 0x13d4 ehSched - ok 13:12:19.0388 0x13d4 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll 13:12:19.0419 0x13d4 ehstart - ok 13:12:19.0470 0x13d4 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:12:19.0510 0x13d4 elxstor - ok 13:12:19.0565 0x13d4 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 13:12:19.0678 0x13d4 EMDMgmt - ok 13:12:19.0715 0x13d4 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:12:19.0753 0x13d4 ErrDev - ok 13:12:19.0797 0x13d4 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll 13:12:19.0879 0x13d4 EventSystem - ok 13:12:19.0943 0x13d4 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys 13:12:20.0009 0x13d4 exfat - ok 13:12:20.0043 0x13d4 [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:12:20.0081 0x13d4 fastfat - ok 13:12:20.0121 0x13d4 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:12:20.0181 0x13d4 fdc - ok 13:12:20.0209 0x13d4 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll 13:12:20.0274 0x13d4 
fdPHost - ok 13:12:20.0303 0x13d4 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll 13:12:20.0380 0x13d4 FDResPub - ok 13:12:20.0412 0x13d4 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:12:20.0447 0x13d4 FileInfo - ok 13:12:20.0478 0x13d4 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:12:20.0541 0x13d4 Filetrace - ok 13:12:20.0563 0x13d4 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:12:20.0628 0x13d4 flpydisk - ok 13:12:20.0654 0x13d4 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:12:20.0691 0x13d4 FltMgr - ok 13:12:20.0782 0x13d4 [ 7417E869AE5AAC3026329E7749698110, 14545202D90C23EE6A2ADC5627791A3B43B5EEA6F78F44021C9AE2B5B8A351DD ] FontCache C:\Windows\system32\FntCache.dll 13:12:20.0887 0x13d4 FontCache - ok 13:12:20.0928 0x13d4 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:12:20.0956 0x13d4 FontCache3.0.0.0 - ok 13:12:20.0986 0x13d4 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:12:21.0036 0x13d4 Fs_Rec - ok 13:12:21.0140 0x13d4 [ 628478BE2E2074CE53B5F635A3AAE17C, 7F29F03FB0B1ABFBE61BA2B99E4EF3E097B201EAB186B475ED827AF3297A9397 ] fwlanusb5 C:\Windows\system32\DRIVERS\fwlanusb5.sys 13:12:21.0322 0x13d4 fwlanusb5 - ok 13:12:21.0389 0x13d4 [ FC06A5BE1AB381CD47AF3D69006E88F0, 
EFEB3F5735A7FEDF36C95182228CDD898D59180434F372D12DC0704AE129F5EF ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys 13:12:21.0493 0x13d4 fwlanusbn - ok 13:12:21.0548 0x13d4 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:12:21.0577 0x13d4 gagp30kx - ok 13:12:21.0654 0x13d4 [ 0EAD9D5FFCD30D425DEF8BEF825321D6, 5F9B10844380E66367ECCA760B17D4617B30BD673A0298C15B70E75B94A64987 ] GManager C:\Windows\system32\GManager.exe 13:12:21.0686 0x13d4 GManager - ok 13:12:21.0741 0x13d4 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll 13:12:21.0833 0x13d4 gpsvc - ok 13:12:21.0889 0x13d4 [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:12:22.0016 0x13d4 HdAudAddService - ok 13:12:22.0065 0x13d4 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:12:22.0207 0x13d4 HDAudBus - ok 13:12:22.0253 0x13d4 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:12:22.0319 0x13d4 HidBth - ok 13:12:22.0349 0x13d4 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys 13:12:22.0421 0x13d4 HidIr - ok 13:12:22.0466 0x13d4 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll 13:12:22.0513 0x13d4 hidserv - ok 13:12:22.0547 0x13d4 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:12:22.0591 0x13d4 HidUsb - ok 
13:13:03.0544 0x13d4 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:13:03.0622 0x13d4 TapiSrv - ok 13:13:03.0638 0x13d4 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll 13:13:03.0716 0x13d4 TBS - ok 13:13:03.0778 0x13d4 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:13:03.0872 0x13d4 Tcpip - ok 13:13:03.0934 0x13d4 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 13:13:03.0981 0x13d4 Tcpip6 - ok 13:13:04.0012 0x13d4 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:13:04.0121 0x13d4 tcpipreg - ok 13:13:04.0168 0x13d4 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:13:04.0215 0x13d4 TDPIPE - ok 13:13:04.0231 0x13d4 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:13:04.0277 0x13d4 TDTCP - ok 13:13:04.0293 0x13d4 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:13:04.0355 0x13d4 tdx - ok 13:13:04.0402 0x13d4 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:13:04.0433 0x13d4 TermDD - ok 13:13:04.0496 0x13d4 [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService C:\Windows\System32\termsrv.dll 13:13:04.0636 0x13d4 TermService 
- ok 13:13:04.0683 0x13d4 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll 13:13:04.0745 0x13d4 Themes - ok 13:13:04.0761 0x13d4 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll 13:13:04.0808 0x13d4 THREADORDER - ok 13:13:04.0839 0x13d4 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll 13:13:04.0917 0x13d4 TrkWks - ok 13:13:04.0964 0x13d4 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:13:04.0995 0x13d4 TrustedInstaller - ok 13:13:05.0042 0x13d4 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:13:05.0089 0x13d4 tssecsrv - ok 13:13:05.0104 0x13d4 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 13:13:05.0135 0x13d4 tunmp - ok 13:13:05.0167 0x13d4 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:13:05.0182 0x13d4 tunnel - ok 13:13:05.0276 0x13d4 [ 2E5D83D83E7CAEF75755DF8A129B55FC, CCCCE20C6246A5B1EA178624607C728FCF0AB4BA65B3EFF989E684D730A548C8 ] TVECapSvc C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe 13:13:05.0323 0x13d4 TVECapSvc - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:15.0478 0x13d4 TVECapSvc ( UnsignedFile.Multi.Generic ) - warning 13:13:19.0831 0x13d4 [ 138C9116607D98F52C7B1729D22B5B90, 82F299A5DF78200A7FBBCD4B03DAF46B9C1CBF1B9F125939ED895347E2C2596F ] TVESched C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe 13:13:19.0846 0x13d4 
TVESched - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:22.0327 0x13d4 Detect skipped due to KSN trusted 13:13:22.0327 0x13d4 TVESched - ok 13:13:22.0405 0x13d4 [ 1C7537DC5018D77B3DE5F690CB8C29BB, FD55E625FBFDF13B638AC88C3652CE7BB7734348271DD34A7C3FFD9E9E1668BA ] U2VSvr C:\Windows\system32\U2VSvr.exe 13:13:22.0420 0x13d4 U2VSvr - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:24.0885 0x13d4 U2VSvr ( UnsignedFile.Multi.Generic ) - warning 13:13:27.0365 0x13d4 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:13:27.0381 0x13d4 uagp35 - ok 13:13:27.0459 0x13d4 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:13:27.0521 0x13d4 udfs - ok 13:13:27.0599 0x13d4 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:13:27.0677 0x13d4 UI0Detect - ok 13:13:27.0755 0x13d4 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:13:27.0787 0x13d4 uliagpkx - ok 13:13:27.0849 0x13d4 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys 13:13:27.0896 0x13d4 uliahci - ok 13:13:27.0927 0x13d4 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys 13:13:27.0958 0x13d4 UlSata - ok 13:13:28.0021 0x13d4 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 13:13:28.0052 0x13d4 ulsata2 - ok 13:13:28.0083 0x13d4 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] 
umbus C:\Windows\system32\DRIVERS\umbus.sys 13:13:28.0145 0x13d4 umbus - ok 13:13:28.0239 0x13d4 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll 13:13:28.0348 0x13d4 upnphost - ok 13:13:28.0395 0x13d4 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:13:28.0442 0x13d4 usbccgp - ok 13:13:28.0520 0x13d4 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:13:28.0645 0x13d4 usbcir - ok 13:13:28.0676 0x13d4 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:13:28.0707 0x13d4 usbehci - ok 13:13:28.0769 0x13d4 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:13:28.0816 0x13d4 usbhub - ok 13:13:28.0847 0x13d4 [ D457EBD0C3A8B3A3A144355B5EE91CBC, 6AD52BDBB1607A48F0B02E663B97C3A00E3345B1B12C259608A5AE728C1C06B2 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:13:28.0894 0x13d4 usbohci - ok 13:13:28.0925 0x13d4 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:13:28.0957 0x13d4 usbprint - ok 13:13:29.0003 0x13d4 [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:13:29.0035 0x13d4 usbscan - ok 13:13:29.0050 0x13d4 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:13:29.0097 0x13d4 USBSTOR - ok 13:13:29.0144 0x13d4 [ 814D653EFC4D48BE3B04A307ECEFF56F, 
D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:13:29.0222 0x13d4 usbuhci - ok 13:13:29.0331 0x13d4 [ 9D19B042A4FD5C02195071EA2FE0C821, 94825411F84801FDA598E59A38FA5398D1E640AA3D704F026234FEAEBE9898BB ] usnjsvc C:\Program Files\Windows Live\Messenger\usnsvc.exe 13:13:29.0362 0x13d4 usnjsvc - ok 13:13:29.0409 0x13d4 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll 13:13:29.0471 0x13d4 UxSms - ok 13:13:29.0861 0x13d4 [ 53D2D97E86482E0BF46462D9DCFEEC9D, 12328968129F3DEC989F4BEDE603DB0D574540B68CBF8537E070165600ABDBBA ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys 13:13:29.0893 0x13d4 VBoxAswDrv - ok 13:13:29.0955 0x13d4 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe 13:13:30.0017 0x13d4 vds - ok 13:13:30.0064 0x13d4 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:13:30.0142 0x13d4 vga - ok 13:13:30.0173 0x13d4 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:13:30.0236 0x13d4 VgaSave - ok 13:13:30.0251 0x13d4 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys 13:13:30.0283 0x13d4 viaagp - ok 13:13:30.0314 0x13d4 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 13:13:30.0345 0x13d4 ViaC7 - ok 13:13:30.0361 0x13d4 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys 13:13:30.0392 0x13d4 viaide - ok 13:13:30.0407 
0x13d4 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:13:30.0423 0x13d4 volmgr - ok 13:13:30.0454 0x13d4 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:13:30.0501 0x13d4 volmgrx - ok 13:13:30.0532 0x13d4 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:13:30.0563 0x13d4 volsnap - ok 13:13:30.0595 0x13d4 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:13:30.0626 0x13d4 vsmraid - ok 13:13:30.0688 0x13d4 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe 13:13:30.0813 0x13d4 VSS - ok 13:13:30.0875 0x13d4 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll 13:13:30.0938 0x13d4 W32Time - ok 13:13:30.0969 0x13d4 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:13:31.0047 0x13d4 WacomPen - ok 13:13:31.0078 0x13d4 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 13:13:31.0125 0x13d4 Wanarp - ok 13:13:31.0125 0x13d4 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:13:31.0172 0x13d4 Wanarpv6 - ok 13:13:31.0187 0x13d4 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:13:31.0250 0x13d4 
wcncsvc - ok 13:13:31.0265 0x13d4 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:13:31.0312 0x13d4 WcsPlugInService - ok 13:13:31.0328 0x13d4 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys 13:13:31.0343 0x13d4 Wd - ok 13:13:31.0390 0x13d4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:13:31.0453 0x13d4 Wdf01000 - ok 13:13:31.0468 0x13d4 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:13:31.0515 0x13d4 WdiServiceHost - ok 13:13:31.0515 0x13d4 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:13:31.0546 0x13d4 WdiSystemHost - ok 13:13:31.0593 0x13d4 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll 13:13:31.0640 0x13d4 WebClient - ok 13:13:31.0687 0x13d4 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:13:31.0733 0x13d4 Wecsvc - ok 13:13:31.0765 0x13d4 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:13:31.0811 0x13d4 wercplsupport - ok 13:13:31.0843 0x13d4 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll 13:13:31.0905 0x13d4 WerSvc - ok 13:13:31.0967 0x13d4 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend 
C:\Program Files\Windows Defender\mpsvc.dll 13:13:32.0014 0x13d4 WinDefend - ok 13:13:32.0014 0x13d4 WinHttpAutoProxySvc - ok 13:13:32.0092 0x13d4 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:13:32.0139 0x13d4 Winmgmt - ok 13:13:32.0201 0x13d4 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll 13:13:32.0311 0x13d4 WinRM - ok 13:13:32.0373 0x13d4 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:13:32.0451 0x13d4 Wlansvc - ok 13:13:32.0513 0x13d4 [ 94A85E956A065E23E0010A6A7826243B, F70A8301D071667718F04A9F261946ED8D64EE1B08055C518186252198F8F3F1 ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe 13:13:32.0560 0x13d4 WLSetupSvc - ok 13:13:32.0607 0x13d4 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:13:32.0638 0x13d4 WmiAcpi - ok 13:13:32.0669 0x13d4 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:13:32.0716 0x13d4 wmiApSrv - ok 13:13:32.0794 0x13d4 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:13:32.0903 0x13d4 WMPNetworkSvc - ok 13:13:32.0919 0x13d4 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:13:33.0013 0x13d4 WPCSvc - ok 13:13:33.0044 0x13d4 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:13:33.0122 0x13d4 WPDBusEnum - ok 
13:13:33.0169 0x13d4 [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 13:13:33.0215 0x13d4 WpdUsb - ok 13:13:33.0325 0x13d4 [ C108DC20ACE05072350DBB6934E277FB, 548E6ABE4C4ADE48260FFDC7BADFD1697972EA3AE94D6576498C8A183D8CE0C8 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:13:33.0403 0x13d4 WPFFontCache_v0400 - ok 13:13:33.0434 0x13d4 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:13:33.0496 0x13d4 ws2ifsl - ok 13:13:33.0527 0x13d4 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\System32\wscsvc.dll 13:13:33.0590 0x13d4 wscsvc - ok 13:13:33.0590 0x13d4 WSearch - ok 13:13:33.0746 0x13d4 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll 13:13:33.0949 0x13d4 wuauserv - ok 13:13:33.0995 0x13d4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:13:34.0042 0x13d4 WudfPf - ok 13:13:34.0089 0x13d4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:13:34.0136 0x13d4 WUDFRd - ok 13:13:34.0183 0x13d4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:13:34.0214 0x13d4 wudfsvc - ok 13:13:34.0261 0x13d4 [ AB2D77BF7222B007717ABB61B15F9AE2, 9495D99385C91115583F6CD0E26B39D4F04FB3472EA53ADE51DA03043468A896 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys 13:13:34.0292 0x13d4 X10Hid - ok 13:13:34.0339 0x13d4 [ 5A0C788C5BC5F2C993CB60940ADCF95E, 
FEEC158466040A6528E7FC8D33706B50D2F03479E0B62DF8F06B69A1A850A9FB ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 13:13:34.0370 0x13d4 x10nets - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:36.0881 0x13d4 Detect skipped due to KSN trusted 13:13:36.0881 0x13d4 x10nets - ok 13:13:36.0928 0x13d4 ================ Scan global =============================== 13:13:36.0959 0x13d4 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll 13:13:37.0006 0x13d4 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll 13:13:37.0147 0x13d4 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll 13:13:37.0349 0x13d4 [ 4F0A7910FC7D8A66433FA9961EEF8BB5, 2086EDEE8CF9CC9BDBDC03018F7C28BB56172F941CB4D6F3D857BCF82B32FB6B ] C:\Windows\system32\services.exe 13:13:37.0365 0x13d4 [ Global ] - ok 13:13:37.0365 0x13d4 ================ Scan MBR ================================== 13:13:37.0396 0x13d4 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 13:13:38.0005 0x13d4 \Device\Harddisk0\DR0 - ok 13:13:38.0005 0x13d4 ================ Scan VBR ================================== 13:13:38.0005 0x13d4 [ 62971D859EA894817FE9EF0685F84422 ] \Device\Harddisk0\DR0\Partition1 13:13:38.0051 0x13d4 \Device\Harddisk0\DR0\Partition1 - ok 13:13:38.0051 0x13d4 [ 2F14E3EA188A8D80EA898ACC5E5F8122 ] \Device\Harddisk0\DR0\Partition2 13:13:38.0051 0x13d4 \Device\Harddisk0\DR0\Partition2 - ok 13:13:38.0051 0x13d4 ================ Scan generic autorun ====================== 13:13:38.0114 0x13d4 [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe 13:13:38.0176 0x13d4 Windows Defender - ok 13:13:38.0223 0x13d4 [ BCCF281901737CBFB5D3E4B1644CD79A, 
DCBA55E1823328B1711E8E80AAC4A4C205FD0764BAA117A02969F299D5AF27CD ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 13:13:38.0254 0x13d4 StartCCC - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:40.0719 0x13d4 Detect skipped due to KSN trusted 13:13:40.0719 0x13d4 StartCCC - ok 13:13:40.0969 0x13d4 [ 151B2D097C7182898387994CEA34890B, CC9CD6AF01CD19CB7AED172F907A6B78CD061D85216C79972451853535357112 ] C:\Windows\RtHDVCpl.exe 13:13:41.0312 0x13d4 RtHDVCpl - ok 13:13:41.0405 0x13d4 [ C5A750BCCC238440A9769830D7CABD3C, DEF29E6E1D60D5B68F9F98FDBDFD1FB7B94F51559357B0D7F776AFFEAEB073F2 ] C:\Users\RM-Desktop\ZEN Media Explorer\CTCheck.exe 13:13:41.0437 0x13d4 CTCheck - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:43.0886 0x13d4 Detect skipped due to KSN trusted 13:13:43.0886 0x13d4 CTCheck - ok 13:13:44.0011 0x13d4 [ C8612E58FB7FCFA5EEA4E39F7B8CBC17, 91FAF64968D26992574D5078989493F5A5F24239C7CB6834B31A25ECA9AA189A ] C:\Windows\Skytel.exe 13:13:44.0182 0x13d4 Skytel - ok 13:13:44.0213 0x13d4 [ BA55501D3882DC47F4D7B900C261BBBF, B109B5D32BB46FA3D3EFE0176C82D415B5EC6361CAF0E88CA94476D12F15840B ] C:\Windows\system32\Util.exe 13:13:44.0260 0x13d4 Util - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:46.0959 0x13d4 Util ( UnsignedFile.Multi.Generic ) - warning 13:13:49.0408 0x13d4 [ BF26D9CF26D7E915EB152631847A9E0B, BBE433C3C2D7E38C1FAC88BA4E01388932BD3E5F60E88E33CF30E80DC986BE84 ] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 13:13:49.0439 0x13d4 Corel File Shell Monitor - ok 13:13:49.0517 0x13d4 [ CB454FBAB5376D13813C9235E87F1EAD, AFF6F58EDC228F4217A528D951FA5DA317A00D44D1B57841E855D728725F2852 ] C:\Program Files\avmwlanstick\FRITZWLANMini.exe 13:13:49.0627 0x13d4 AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 ) 13:13:52.0091 0x13d4 AVMWlanClient ( UnsignedFile.Multi.Generic ) - warning 13:13:54.0821 0x13d4 [ D6FE9E0F705794A86F87A01B222290EF, 92EE74775E39B6CC83C5B8D80239D7C475825057E31CC3A8D85D152FD77F7F8A ] C:\Program 
Files\AVAST Software\Avast\AvastUI.exe 13:13:55.0149 0x13d4 AvastUI.exe - ok 13:13:55.0274 0x13d4 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe 13:13:55.0492 0x13d4 Sidebar - ok 13:13:55.0492 0x13d4 WindowsWelcomeCenter - ok 13:13:55.0570 0x13d4 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe 13:13:55.0711 0x13d4 Sidebar - ok 13:13:55.0726 0x13d4 WindowsWelcomeCenter - ok 13:13:55.0789 0x13d4 [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe 13:13:55.0835 0x13d4 ehTray.exe - ok 13:13:55.0835 0x13d4 Waiting for KSN requests completion. In queue: 4 13:13:56.0849 0x13d4 Waiting for KSN requests completion. In queue: 4 13:13:57.0863 0x13d4 Waiting for KSN requests completion. In queue: 4 13:13:58.0924 0x13d4 AV detected via SS2: avast! 
Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2225.1172 ), 0x41000 ( enabled : updated ) 13:13:58.0955 0x13d4 Win FW state via NFP2: enabled ( trusted ) 13:14:02.0044 0x13d4 ============================================================ 13:14:02.0044 0x13d4 Scan finished 13:14:02.0044 0x13d4 ============================================================ 13:14:02.0060 0x046c Detected object count: 4 13:14:02.0060 0x046c Actual detected object count: 4 13:14:45.0069 0x046c TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user 13:14:45.0069 0x046c TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:14:45.0069 0x046c U2VSvr ( UnsignedFile.Multi.Generic ) - skipped by user 13:14:45.0069 0x046c U2VSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:14:45.0069 0x046c Util ( UnsignedFile.Multi.Generic ) - skipped by user 13:14:45.0069 0x046c Util ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:14:45.0069 0x046c AVMWlanClient ( UnsignedFile.Multi.Generic ) - skipped by user 13:14:45.0069 0x046c AVMWlanClient ( UnsignedFile.Multi.Generic ) - User select action: Skip |
03.08.2015, 16:20 | #4 |
/// the machine /// TB Trainer | Windows Vista very slow, sometimes does not boot at all Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.08.2015, 11:35 | #5 |
| Windows Vista very slow, sometimes does not boot at all OK, here we go: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 04.08.2015
Suchlaufzeit: 11:39:03
Protokolldatei: MBAM.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.04.02
Rootkit-Datenbank: v2015.08.03.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: RM-Desktop

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313280
Abgelaufene Zeit: 15 Min., 1 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, In Quarantäne, [e5ed60a45833bb7b30d5809506fd30d0],

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [676b81833a5170c69d4bd636a65d0ff1],

Dateien: 1
PUP.Optional.AskAPN.Gen, C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\searchplugins\ask-search.xml, In Quarantäne, [8d45768e91fabc7ac388136c8b7a17e9],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
# AdwCleaner v4.208 - Bericht erstellt 04/08/2015 um 12:02:03
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : RM-Desktop - RM-DESKTOP-PC
# Gestarted von : C:\Users\RM-Desktop\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Users\RM-Desktop\AppData\LocalLow\HPAppData
Datei Gelöscht : C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
Datei Gelöscht : C:\Users\RM-Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
Datei Gelöscht : C:\Users\RM-Desktop\AppData\Roaming\GDIPFONTCACHEV1.DAT
Datei Gelöscht : C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\user.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 192.168.178.1;192.168.178.254;169.254.1.1;fritz.box

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.6001.19652

-\\ Mozilla Firefox v39.0 (x86 de)

[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147df13c4ee9-05e5e256107b4a-7f6f1735-0-147df13c4ef57\"");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1432539882");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"aeefebe72b7a6b8a1c20c7d29d60f227f82565e6\"");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "4289119850");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"f716a144d4e48cdfee5d1f450c7518cd7714c4a2\"");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1408196920580");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true");
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch@avira.com.install-event-fired", true);
[rnjiu27r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\RM-Desktop\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rnjiu27r.default\\\\extensions\\\\ab[...]

*************************

AdwCleaner[R0].txt - [3068 Bytes] - [04/08/2015 11:59:06]
AdwCleaner[S0].txt - [3087 Bytes] - [04/08/2015 12:02:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3146 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by RM-Desktop on 04.08.2015 at 12:11:59,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google

~~~ FireFox

Successfully deleted: [File] C:\Users\RM-Desktop\AppData\Roaming\mozilla\firefox\profiles\rnjiu27r.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\RM-Desktop\AppData\Roaming\mozilla\firefox\profiles\rnjiu27r.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\RM-Desktop\AppData\Roaming\mozilla\firefox\profiles\rnjiu27r.default\prefs.js

user_pref(avira.safe_search.installed, [\safesearch\]);
user_pref(avira.safe_search.search_was_active, false);
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.bootstrappedAddons, {\safesearch@avira.com\:{\version\:\1.1.6\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\RM-Desktop\\\\AppData\\\\Ro
user_pref(extensions.safesearch.MP_DISTINCT_ID, \b12f0bf2be302e8a84afee636f1e5255ada0e69a\);
user_pref(extensions.safesearch.install, 1438682845561);
user_pref(extensions.safesearch@avira.com.install-event-fired, true);
user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\RM-Desktop\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rnjiu27r.de
Emptied folder: C:\Users\RM-Desktop\AppData\Roaming\mozilla\firefox\profiles\rnjiu27r.default\minidumps [187 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.08.2015 at 12:21:02,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
durchgeführt von RM-Desktop (Administrator) auf RM-DESKTOP-PC (04-08-2015 12:30:06)
Gestartet von C:\Users\RM-Desktop\Downloads
Geladene Profile: RM-Desktop (Verfügbare Profile: RM-Desktop)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [CTCheck] => C:\Users\RM-Desktop\ZEN Media Explorer\CTCheck.exe [397312 2007-11-06] (Creative Technology Ltd)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Util] => C:\Windows\system32\Util.exe [188416 2010-12-28] ()
HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] ()
HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-03] (AVAST Software)
HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-03] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> Keine Datei BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14] (Microsoft Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) 
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{119504D0-DC28-4144-B905-3666D127E1D6}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4BDB51C4-8E13-407C-8AD5-18E47FD8CD98}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{8E614F48-0BA0-4011-9244-46BB3CF3D5F8}: [DhcpNameServer] 217.0.43.129 192.168.0.1 Tcpip\..\Interfaces\{EEC66F08-4D55-41DF-A37C-0DC3B64F102E}: [DhcpNameServer] 217.0.43.129 192.168.0.1 Tcpip\..\Interfaces\{F70DB2E7-9BF0-4374-85E7-2B97808DF6A4}: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll [2008-07-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\Extensions\abs@avira.com [2015-07-06] FF Extension: Microsoft .NET Framework Assistant - C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-30] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-27] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-04] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03] FF HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST 
Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-03] (Avast Software) S2 GManager; C:\Windows\system32\GManager.exe [210296 2010-11-13] () R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] S2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) 
[Datei ist nicht signiert] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-11-22] () S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [237638 2008-06-03] () [Datei ist nicht signiert] S2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [360538 2008-06-03] () [Datei ist nicht signiert] S2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [131160 2008-06-03] () [Datei ist nicht signiert] S2 U2VSvr; C:\Windows\system32\U2VSvr.exe [192512 2011-03-02] () [Datei ist nicht signiert] S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-03] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-03] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-03] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-03] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-03] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-03] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-03] (AVAST Software) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2008-11-20] () [Datei ist nicht signiert] S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2012-04-25] (AVM Berlin) [Datei ist nicht signiert] R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [1244160 2012-07-23] (AVM GmbH) S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2008-11-20] () [Datei ist nicht signiert] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-03] (AVAST Software) R3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908832 2007-07-30] (NXP Semiconductors Germany GmbH) S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [329728 2007-05-11] (Ralink Technology Corp.) R3 T1PExGrp; C:\Windows\System32\DRIVERS\T1PExGrp.sys [30080 2010-01-20] (Magic Control Technology Corp.) R3 T1PMrGrp; C:\Windows\System32\DRIVERS\T1PMrGrp.sys [30720 2010-01-20] (Magic Control Technology Corp.) 
S3 t1pusb; C:\Windows\System32\drivers\t1pusb.sys [131328 2011-01-31] (Magic Control Technology Corp.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-03] (Avast Software) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-04 12:21 - 2015-08-04 12:21 - 00002053 _____ C:\Users\RM-Desktop\Desktop\JRT.txt 2015-08-04 12:09 - 2015-08-04 12:09 - 01798176 _____ (Malwarebytes Corporation) C:\Users\RM-Desktop\Downloads\JRT.exe 2015-08-04 12:07 - 2015-08-04 12:07 - 00003226 _____ C:\Users\RM-Desktop\Desktop\AdwCleaner[S0].txt 2015-08-04 12:06 - 2015-08-04 12:06 - 00058008 _____ C:\Users\RM-Desktop\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-04 11:58 - 2015-08-04 12:02 - 00000000 ____D C:\AdwCleaner 2015-08-04 11:58 - 2015-08-04 11:58 - 02248704 _____ C:\Users\RM-Desktop\Downloads\AdwCleaner_4.208.exe 2015-08-04 11:56 - 2015-08-04 11:56 - 00001530 _____ C:\Users\RM-Desktop\Desktop\MBAM.txt 2015-08-04 11:36 - 2015-08-04 11:37 - 00000903 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-04 11:35 - 2015-08-04 11:37 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-04 11:35 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-04 11:35 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-04 11:34 - 
2015-08-04 11:34 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\RM-Desktop\Downloads\mbam-setup-2.1.6.1022.exe 2015-08-04 08:42 - 2015-08-04 08:42 - 00000000 ____D C:\snapshots 2015-08-03 13:15 - 2015-08-03 13:15 - 00096360 _____ C:\Users\RM-Desktop\Desktop\TDSSKILLER.txt 2015-08-03 13:10 - 2015-08-03 13:10 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\RM-Desktop\Downloads\tdsskiller.exe 2015-08-03 12:54 - 2015-08-04 11:38 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-03 12:53 - 2015-08-03 13:08 - 00000000 ____D C:\Users\RM-Desktop\Desktop\mbar 2015-08-03 12:53 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-03 12:52 - 2015-08-03 12:52 - 16502728 _____ (Malwarebytes Corp.) C:\Users\RM-Desktop\Downloads\mbar-1.09.1.1004.exe 2015-08-03 12:00 - 2015-08-03 12:00 - 00011315 _____ C:\Users\RM-Desktop\Desktop\GMER.log 2015-08-03 11:12 - 2015-08-03 11:13 - 00380416 _____ C:\Users\RM-Desktop\Downloads\Gmer-19357.exe 2015-08-03 11:11 - 2015-08-03 11:11 - 00033141 _____ C:\Users\RM-Desktop\Desktop\Addition.txt 2015-08-03 11:11 - 2015-08-03 11:11 - 00029057 _____ C:\Users\RM-Desktop\Desktop\FRST.txt 2015-08-03 11:08 - 2015-08-03 11:09 - 00033141 _____ C:\Users\RM-Desktop\Downloads\Addition.txt 2015-08-03 11:06 - 2015-08-04 12:30 - 00014958 _____ C:\Users\RM-Desktop\Downloads\FRST.txt 2015-08-03 11:03 - 2015-08-03 11:03 - 00050477 _____ C:\Users\RM-Desktop\Downloads\Defogger(1).exe 2015-08-03 11:00 - 2015-08-04 12:30 - 00000000 ____D C:\FRST 2015-08-03 10:57 - 2015-08-03 10:59 - 01673728 _____ (Farbar) C:\Users\RM-Desktop\Downloads\FRST.exe 2015-08-03 10:53 - 2015-08-03 10:53 - 00000000 ____D C:\Windows\system32\vbox 2015-08-03 10:52 - 2015-08-03 10:52 - 00000000 ____D C:\Users\RM-Desktop\AppData\Roaming\AVAST Software 2015-08-03 10:50 - 2015-08-03 10:50 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-03 10:50 - 
2015-08-03 10:50 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-03 10:50 - 2015-08-03 10:50 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-08-03 10:50 - 2015-08-03 10:50 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00001833 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-08-03 10:50 - 2015-08-03 10:49 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-03 10:50 - 2015-08-03 10:49 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-03 10:46 - 2015-08-03 10:46 - 00000000 ____D C:\Program Files\AVAST Software 2015-08-03 10:36 - 2015-08-04 12:04 - 00008994 _____ C:\Windows\PFRO.log 2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 _____ C:\Windows\setuperr.log 2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 _____ C:\Windows\setupact.log 2015-08-03 10:16 - 2015-08-03 10:16 - 05499960 _____ (Avast Software s.r.o.) C:\Users\RM-Desktop\Downloads\avast_free_antivirus_setup_online.exe 2015-08-03 10:16 - 2015-08-03 10:16 - 05499960 _____ (Avast Software s.r.o.) 
C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe 2015-07-30 11:50 - 2015-07-30 11:51 - 00143776 _____ C:\Windows\Minidump\Mini073015-01.dmp 2015-07-29 08:37 - 2015-07-30 11:50 - 154323196 _____ C:\Windows\MEMORY.DMP 2015-07-29 08:37 - 2015-07-29 08:37 - 00135392 _____ C:\Windows\Minidump\Mini072915-01.dmp 2015-07-21 09:26 - 2015-07-14 18:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-21 09:26 - 2015-07-14 16:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-20 17:40 - 2015-08-03 11:08 - 00000482 _____ C:\Users\RM-Desktop\Downloads\defogger_disable.log 2015-07-20 17:40 - 2015-07-20 17:40 - 00000000 _____ C:\Users\RM-Desktop\defogger_reenable 2015-07-20 17:39 - 2015-07-20 17:39 - 00050477 _____ C:\Users\RM-Desktop\Downloads\Defogger.exe 2015-07-15 08:55 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 08:55 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 08:54 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 08:54 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 08:54 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 08:48 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 08:47 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 08:47 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 08:47 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 08:47 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-07-15 08:47 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 08:47 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 08:47 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-15 08:47 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 08:30 - 2015-07-02 17:37 - 06009856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-15 08:30 - 2015-07-02 15:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-15 08:30 - 2015-06-17 07:26 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-07-15 08:30 - 2015-06-17 07:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-15 08:30 - 2015-06-17 07:21 - 00727552 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 11085312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2015-07-15 08:30 - 2015-06-17 06:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-15 08:30 - 2015-06-17 04:58 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-15 08:30 - 2015-06-17 04:58 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-07-15 08:30 - 2015-06-17 04:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-07-15 08:02 - 2015-07-15 08:02 - 00000000 ___RD 
C:\Users\RM-Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Systemsteuerung 2015-07-13 09:01 - 2015-07-13 17:43 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-07-11 10:24 - 2015-07-30 11:50 - 00000000 ____D C:\Windows\Minidump ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-04 12:27 - 2008-11-19 21:43 - 01231900 _____ C:\Windows\WindowsUpdate.log 2015-08-04 12:18 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-04 12:18 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-04 12:10 - 2006-11-02 12:33 - 01702158 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-04 12:04 - 2011-10-27 17:03 - 00002726 _____ C:\Windows\system32\GManager.ini 2015-08-04 12:04 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-04 12:02 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-04 11:44 - 2013-06-24 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-04 08:37 - 2009-12-24 14:48 - 00000000 ____D C:\Users\RM-Desktop\AppData\Local\Thunderbird 2015-08-04 08:14 - 2012-07-09 11:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-03 13:34 - 2009-12-24 14:48 - 00000900 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-08-03 13:33 - 2015-05-26 08:47 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-08-03 10:36 - 2013-07-29 11:41 - 00000000 ____D C:\Program Files\Avira 2015-07-21 14:08 - 2006-11-02 14:47 - 00260704 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-15 08:54 - 2013-08-18 15:14 - 00000000 ____D C:\Windows\system32\MRT 2015-07-15 08:44 - 2012-07-03 08:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-07-15 08:44 - 
2012-07-03 08:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2009-08-26 08:28 - 2009-08-26 08:28 - 0000000 _____ () C:\Users\RM-Desktop\AppData\Roaming\Default.PLS 2009-01-03 10:38 - 2013-12-29 19:00 - 0006836 _____ () C:\Users\RM-Desktop\AppData\Local\d3d9caps.dat 2009-12-24 17:53 - 2013-01-03 18:51 - 0010240 _____ () C:\Users\RM-Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-23 17:52 - 2009-12-23 17:52 - 0000098 _____ () C:\Users\RM-Desktop\AppData\Local\fusioncache.dat 2008-11-28 19:11 - 2010-05-04 10:19 - 0001914 _____ () C:\ProgramData\hpzinstall.log Einige Dateien in TEMP: ==================== C:\Users\RM-Desktop\AppData\Local\Temp\avgnt.exe C:\Users\RM-Desktop\AppData\Local\Temp\Quarantine.exe C:\Users\RM-Desktop\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-04 12:11 ==================== Ende vom log ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
durchgeführt von RM-Desktop (2015-08-04 12:31:08)
Gestartet von C:\Users\RM-Desktop\Downloads
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1429313419-2184147580-785989940-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1429313419-2184147580-785989940-1003 - Limited - Enabled)
Gast (S-1-5-21-1429313419-2184147580-785989940-501 - Limited - Disabled)
RM-Desktop (S-1-5-21-1429313419-2184147580-785989940-1001 - Administrator - Enabled) => C:\Users\RM-Desktop

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AudibleManager (HKLM\...\AudibleManager) (Version: -2.2002344839.2002344277.4528520 - Audible, Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software) AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden ccc-core-static (Version: 2008.0731.2322.39992 - Ihr Firmenname) Hidden Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation) Creative Systeminformationen (HKLM\...\SysInfo) (Version: - ) Creative ZEN (HKLM\...\{D24DDB61-8868-46CF-BC36-BECC1674F0C1}) (Version: 1.0 - ) CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden CyberLink TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 1.5.5403 - CyberLink Corp.) 
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DJ_AIO_03_F4200_Software (Version: 110.0.223.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4200_Software_Min (Version: 110.0.223.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4220_ProductContext (Version: 110.0.223.000 - Hewlett-Packard) Hidden eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden F4200 (Version: 110.0.223.000 - Ihr Firmenname) Hidden F4220_Help (Version: 110.0.223.000 - Hewlett-Packard) Hidden GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP) HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP) HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP) HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 110.0.180.000 - Hewlett-Packard) Hidden Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden MakeDisc (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.0.2601 - CyberLink Corp.) 
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MarketResearch (Version: 110.0.180.000 - Hewlett-Packard) Hidden MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - ) Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30716.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Mozilla Thunderbird 38.0.1 (x86 de) (HKLM\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) MSVCSetup (Version: 1.00.0000 - HP) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Need for Speed™ Undercover (HKLM\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts) Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation) PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.2.2504 - CyberLink Corp.) 
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.) Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP) Skins (Version: 2008.0731.2322.39992 - ATI) Hidden SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden USB Display Device (Trigger 1+) 11.03.0315.0159 (HKLM\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 11.03.0315.0159 - MCT Corp.) VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden Windows Live Fotogalerie (HKLM\...\{A1D08B90-AE1A-4885-AC29-731496FD397E}) (Version: 12.0.1347.0718 - Microsoft Corporation) Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation) Windows Live Mail (HKLM\...\{82F2B38B-1426-443D-874C-AC25675E7BEB}) (Version: 12.0.1606.1023 - Microsoft Corporation) Windows Live Messenger (HKLM\...\{2B091530-69AA-442E-AB09-39ED06B58220}) (Version: 8.5.1302.1018 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM\...\{0ED47137-C071-46CC-A243-E5E33271E10E}) (Version: 5.000.742.2 - Microsoft Corporation) Windows Live Writer (HKLM\...\{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}) (Version: 12.0.1370.0325 - Microsoft Corporation) Windows Vista Demo Screen Saver (HKLM\...\{8A5323B7-45CB-48AB-B7E3-1C22BA63DA4C}) (Version: 1.1.1 - Ventuz Technology) X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - ) ZENcast Organizer (HKLM\...\ZENcast Organizer) (Version: - ) ==================== Benutzerdefinierte CLSID 
(Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) ==================== Wiederherstellungspunkte ========================= 21-07-2015 09:26:05 Windows Update 27-07-2015 18:39:07 Windows Update 03-08-2015 10:16:28 Windows Update 03-08-2015 10:32:50 avast! antivirus system restore point 03-08-2015 10:40:12 avast! antivirus system restore point 03-08-2015 10:45:51 avast! antivirus system restore point 04-08-2015 12:12:00 JRT Pre-Junkware Removal ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {97A3FCCE-E4DE-4A99-B75F-820C77DBC7F1} - \GlaryInitialize No Task File <==== ACHTUNG Task: {BA26A5D2-B1BF-43B3-99B3-5F27BFED6C1C} - System32\Tasks\{B8872F67-75B8-4E7A-85A3-183A467C48E5} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {C0D44455-D752-41A8-9239-83A838BD7036} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-03] (AVAST Software) Task: {F49D86EA-3238-4ED1-B514-051FBF41C6A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-03 10:50 - 2015-08-03 10:50 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-03 10:49 - 2015-08-03 10:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-04 08:21 - 2015-08-04 08:21 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080301\algo.dll 2015-08-03 10:50 - 2015-08-03 10:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\RM-Desktop\Documents\Sozialversicherungsausweis.pdf.eml:OECustomProperty ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer trusted/restricted =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: D-Link AirPlus G => C:\Program Files\D-Link\AirPlus G\AirGCFG.exe MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 MSCONFIG\startupreg: TVEService => "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe" ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{42BFCE11-A8B6-4689-8AAA-6016CA08E3E5}] => (Allow) C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe FirewallRules: [{DFB7CCFC-C189-47B0-8B2F-31635A18C916}] => (Allow) C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE FirewallRules: [{BBA4DC03-110E-4251-B3DA-596080E7EF6A}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe FirewallRules: [{2E16633E-7179-4F17-BC9B-A9BEC94D277E}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe FirewallRules: [{D8C3F17C-B4EA-4309-9662-087779809D75}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{73C16474-5A17-4416-9170-70025A0E4C15}] => (Allow) svchost.exe FirewallRules: [{9FBFC665-A6BB-473C-99C4-495751F22B4F}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe FirewallRules: [{7B67B081-3D9A-4D9D-ADB4-FFE856C0736B}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{EAD0E17E-5CF9-4DBF-85DA-52B0843AC137}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{629FAC1C-F414-4A03-AED0-E3A40242396E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{FA756A3E-3FFE-4703-8F77-C767335E15DD}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{6F183544-C84D-4549-B937-A628E94ED9FA}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: 
[{78CFAFF3-8E18-48DD-8496-6572274D255A}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: [{619F2D15-2E97-4247-B9BF-151C42E95D12}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{6F6C486A-85C5-45B5-9CFF-2C99E6464152}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{51183281-88BF-4565-91EF-1942D5DA955E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{E7B104D7-2660-4110-BF0C-249A6A0DBDED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A7318A23-B825-4263-86AB-08ACD295AB90}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{99A55A5A-E195-418B-A6A9-17E66A3722F5}] => (Allow) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe FirewallRules: [{ADEEEE90-AC4A-4B98-B4EF-EADEBE2971B2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{2CFE7CEA-B96C-4A45-AC78-D4F4A7DF8830}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{BFCFC905-8D73-41DF-A47B-8C5F11DD0581}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{3B00BB65-A5BB-4D9D-8B89-B2A19CB81C69}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{7673E5C5-E514-4000-836A-6A60EFCCEA42}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [TCP Query User{3B58FA1F-0BD7-45E1-AB8D-1B9D7F887612}C:\program files\anno 1701\anno1701.exe] => (Allow) C:\program files\anno 1701\anno1701.exe FirewallRules: [UDP Query User{46B29BA0-674A-42EA-8613-1DF1F03783F6}C:\program files\anno 1701\anno1701.exe] => (Allow) C:\program files\anno 1701\anno1701.exe FirewallRules: [{2C4C7D04-D3ED-4B68-9D9D-F6D6837E8FD8}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{6EBC2069-1851-4634-AE43-355ED3DC4C90}] => (Allow) C:\Program 
Files\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2D4DF306-9962-4CF9-B4E5-2CB472A89AD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{99B0F2FC-1795-485C-9658-17B2E77329C4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe FirewallRules: [{D21464BA-8CB5-4DAF-AAE6-7ED3CFA7E28A}] => (Allow) LPort=80 FirewallRules: [{CF15F0E4-C8E6-4666-A43D-DD7FFFD36084}] => (Allow) LPort=80 FirewallRules: [{73640FA0-E48E-4B27-A147-78FB4E83621C}] => (Allow) LPort=80 FirewallRules: [TCP Query User{199B42BD-275F-4552-9B61-4B38DAB73BAE}C:\program files\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files\microsoft games\age of empires ii\empires2.icd FirewallRules: [UDP Query User{D1A395E8-FB2D-4A18-BFC5-5F3005A73548}C:\program files\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files\microsoft games\age of empires ii\empires2.icd FirewallRules: [TCP Query User{6E47C2AB-2941-4AD8-9828-06B302FA002A}C:\program files\anno 1701\anno1701.exe] => (Block) C:\program files\anno 1701\anno1701.exe FirewallRules: [UDP Query User{A14A63AD-3EDF-4437-BEC6-7E15304BF2FA}C:\program files\anno 1701\anno1701.exe] => (Block) C:\program files\anno 1701\anno1701.exe FirewallRules: [{BC354DE2-C396-4607-9D43-A57393A4AE37}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{089D1832-B079-4EE9-ABEF-7EA05C6652D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{B507B4DD-7915-40B1-AB63-DC96D6CDDCFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7407C812-6832-42C3-9DB5-F463BA31714C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3A0D60DB-401A-428F-B9B8-BAB68FC09589}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{6CA8D421-EEC8-4FE2-B290-C9A532583888}] => (Allow) 
C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{21673BA6-B858-482D-A3A7-D680E9AFC503}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/04/2015 12:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 11:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 08:43:24 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/04/2015 08:16:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 01:29:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 11:32:59 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/03/2015 10:45:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. 
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {015fda51-8ba5-4811-af9c-384f4960e711} Error: (08/03/2015 10:44:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 10:40:10 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {899ac2cd-cb57-4d1f-ab0e-59f62bef5d81} Error: (08/03/2015 10:38:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (08/04/2015 12:13:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Softwarelizenzierung11200001Neustart des Diensts Error: (08/04/2015 12:13:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Modules Installer11200001Neustart des Diensts Error: (08/04/2015 12:13:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts Error: (08/04/2015 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: TVEnhance Task Scheduler (TTS))1 Error: (08/04/2015 12:13:02 PM) 
(Source: Service Control Manager) (EventID: 7034) (User: ) Description: X10 Device Network Service1 Error: (08/04/2015 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: U2VSvr1 Error: (08/04/2015 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: TVEnhance Background Capture Service (TBCS)1 Error: (08/04/2015 12:13:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Cyberlink RichVideo Service(CRVS)1 Error: (08/04/2015 12:13:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: ProtexisLicensing1 Error: (08/04/2015 12:13:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: PnkBstrA1 Microsoft Office: ========================= Error: (08/04/2015 12:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 11:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 08:43:24 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/04/2015 08:16:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 01:29:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 
990x80041003 Error: (08/03/2015 11:32:59 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/03/2015 10:45:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {015fda51-8ba5-4811-af9c-384f4960e711} Error: (08/03/2015 10:44:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 10:40:10 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {899ac2cd-cb57-4d1f-ab0e-59f62bef5d81} Error: (08/03/2015 10:38:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity: =================================== Date: 2015-08-04 12:31:02.912 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:31:01.583 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:31:00.232 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-08-04 12:30:58.878 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:30:57.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:30:55.955 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:30:54.599 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:30:53.175 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:30:25.178 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-04 12:30:23.831 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz Percentage of memory in use: 63% Total physical RAM: 2046.58 MB Available physical RAM: 742.11 MB Total Virtual: 4332.31 MB Available Virtual: 2891.86 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:218.24 GB) (Free:166.53 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (RECOVER) (Fixed) (Total:14.63 GB) (Free:3.32 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 2BAB359D) Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended) ==================== Ende vom log ============================ |
04.08.2015, 15:33 | #6 |
/// the machine /// TB trainer | Windows Vista very slow, sometimes no longer boots at all
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
05.08.2015, 19:15 | #7 |
| Windows Vista very slow, sometimes does not boot up at all
Here are the new logs.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=84f3a6056ee2a54f85d6048828f3a71e
# end=init
# utc_time=2015-08-05 04:04:45
# local_time=2015-08-05 06:04:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=41221
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 25139
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 25139
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=84f3a6056ee2a54f85d6048828f3a71e
# end=updated
# utc_time=2015-08-05 04:45:40
# local_time=2015-08-05 06:45:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=84f3a6056ee2a54f85d6048828f3a71e
# engine=25139
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-05 05:58:34
# local_time=2015-08-05 07:58:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 205666 205998 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 114940 276330242 0 0
# scanned=207848
# found=0
# cleaned=0
# scan_time=4373
Code:
Results of screen317's Security Check version 1.006
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date! Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 18.0.0.209
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (39.0)
Mozilla Thunderbird (38.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01 durchgeführt von RM-Desktop (Administrator) auf RM-DESKTOP-PC (05-08-2015 20:09:19) Gestartet von C:\Users\RM-Desktop\Downloads Geladene Profile: RM-Desktop (Verfügbare Profile: RM-Desktop) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 8 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Windows\System32\GManager.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe () C:\Windows\System32\PnkBstrA.exe () C:\Windows\System32\PSIService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe (CyberLink) C:\Windows\System32\CLWatson.exe () C:\Windows\System32\U2VSvr.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe (CyberLink) C:\Windows\System32\CLWatson.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Creative Technology Ltd) C:\Users\RM-Desktop\ZEN Media Explorer\CTCheck.exe () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe (AVM Berlin) C:\Program Files\avmwlanstick\FRITZWLANMini.exe (Magic Control Technology Corporation) C:\Windows\System32\MTri1+.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor) HKLM\...\Run: [CTCheck] => C:\Users\RM-Desktop\ZEN Media Explorer\CTCheck.exe [397312 2007-11-06] (Creative Technology Ltd) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [Util] => C:\Windows\system32\Util.exe [188416 2010-12-28] () HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] () HKLM\...\Run: [hpqSRMon] => [X] HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-03] (AVAST Software) HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-03] (AVAST Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/ HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll Keine Datei BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> Keine Datei BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14] (Microsoft Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) 
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{119504D0-DC28-4144-B905-3666D127E1D6}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4BDB51C4-8E13-407C-8AD5-18E47FD8CD98}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{8E614F48-0BA0-4011-9244-46BB3CF3D5F8}: [DhcpNameServer] 217.0.43.129 192.168.0.1 Tcpip\..\Interfaces\{EEC66F08-4D55-41DF-A37C-0DC3B64F102E}: [DhcpNameServer] 217.0.43.129 192.168.0.1 Tcpip\..\Interfaces\{F70DB2E7-9BF0-4374-85E7-2B97808DF6A4}: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll [2008-07-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\Extensions\abs@avira.com [2015-08-05] FF Extension: Microsoft .NET Framework Assistant - C:\Users\RM-Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\rnjiu27r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-30] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-27] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-04] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03] FF HKU\S-1-5-21-1429313419-2184147580-785989940-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-03] (Avast Software) R2 GManager; C:\Windows\system32\GManager.exe [210296 2010-11-13] () R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) 
[Datei ist nicht signiert] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-11-22] () R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [237638 2008-06-03] () [Datei ist nicht signiert] R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [360538 2008-06-03] () [Datei ist nicht signiert] R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [131160 2008-06-03] () [Datei ist nicht signiert] R2 U2VSvr; C:\Windows\system32\U2VSvr.exe [192512 2011-03-02] () [Datei ist nicht signiert] S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-03] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-03] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-03] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-03] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-03] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-03] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-03] (AVAST Software) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2008-11-20] () [Datei ist nicht signiert] S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2012-04-25] (AVM Berlin) [Datei ist nicht signiert] R3 eapihdrv; C:\Users\RM-DES~1\AppData\Local\Temp\ehdrv.sys [135760 2015-08-05] (ESET) R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [1244160 2012-07-23] (AVM GmbH) S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2008-11-20] () [Datei ist nicht signiert] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-03] (AVAST Software) R3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908832 2007-07-30] (NXP Semiconductors Germany GmbH) S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [329728 2007-05-11] (Ralink Technology Corp.) R3 T1PExGrp; C:\Windows\System32\DRIVERS\T1PExGrp.sys [30080 2010-01-20] (Magic Control Technology Corp.) 
R3 T1PMrGrp; C:\Windows\System32\DRIVERS\T1PMrGrp.sys [30720 2010-01-20] (Magic Control Technology Corp.) S3 t1pusb; C:\Windows\System32\drivers\t1pusb.sys [131328 2011-01-31] (Magic Control Technology Corp.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-03] (Avast Software) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-05 20:08 - 2015-08-05 20:08 - 00000985 _____ C:\Users\RM-Desktop\Desktop\checkup.txt 2015-08-05 20:03 - 2015-08-05 20:03 - 00852684 _____ C:\Users\RM-Desktop\Downloads\SecurityCheck.exe 2015-08-05 18:04 - 2015-08-05 18:04 - 00000000 ____D C:\Program Files\ESET 2015-08-05 18:02 - 2015-08-05 18:03 - 02870984 _____ (ESET) C:\Users\RM-Desktop\Downloads\esetsmartinstaller_deu.exe 2015-08-05 17:58 - 2015-08-05 18:21 - 00000000 ____D C:\snapshots 2015-08-04 12:32 - 2015-08-04 12:32 - 00033779 _____ C:\Users\RM-Desktop\Desktop\Addition2.txt 2015-08-04 12:32 - 2015-08-04 12:32 - 00029912 _____ C:\Users\RM-Desktop\Desktop\FRST2.txt 2015-08-04 12:21 - 2015-08-04 12:21 - 00002053 _____ C:\Users\RM-Desktop\Desktop\JRT.txt 2015-08-04 12:09 - 2015-08-04 12:09 - 01798176 _____ (Malwarebytes Corporation) C:\Users\RM-Desktop\Downloads\JRT.exe 2015-08-04 12:07 - 2015-08-04 12:07 - 00003226 _____ C:\Users\RM-Desktop\Desktop\AdwCleaner[S0].txt 2015-08-04 12:06 - 2015-08-04 12:06 - 00058008 _____ 
C:\Users\RM-Desktop\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-04 11:58 - 2015-08-04 12:02 - 00000000 ____D C:\AdwCleaner 2015-08-04 11:58 - 2015-08-04 11:58 - 02248704 _____ C:\Users\RM-Desktop\Downloads\AdwCleaner_4.208.exe 2015-08-04 11:56 - 2015-08-04 11:56 - 00001530 _____ C:\Users\RM-Desktop\Desktop\MBAM.txt 2015-08-04 11:36 - 2015-08-04 11:37 - 00000903 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-04 11:35 - 2015-08-04 11:37 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-04 11:35 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-04 11:35 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-04 11:34 - 2015-08-04 11:34 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\RM-Desktop\Downloads\mbam-setup-2.1.6.1022.exe 2015-08-03 13:15 - 2015-08-03 13:15 - 00096360 _____ C:\Users\RM-Desktop\Desktop\TDSSKILLER.txt 2015-08-03 13:10 - 2015-08-03 13:10 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\RM-Desktop\Downloads\tdsskiller.exe 2015-08-03 12:54 - 2015-08-04 11:38 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-03 12:53 - 2015-08-03 13:08 - 00000000 ____D C:\Users\RM-Desktop\Desktop\mbar 2015-08-03 12:53 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-03 12:52 - 2015-08-03 12:52 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\RM-Desktop\Downloads\mbar-1.09.1.1004.exe 2015-08-03 12:00 - 2015-08-03 12:00 - 00011315 _____ C:\Users\RM-Desktop\Desktop\GMER.log 2015-08-03 11:12 - 2015-08-03 11:13 - 00380416 _____ C:\Users\RM-Desktop\Downloads\Gmer-19357.exe 2015-08-03 11:11 - 2015-08-03 11:11 - 00033141 _____ C:\Users\RM-Desktop\Desktop\Addition.txt 2015-08-03 11:11 - 2015-08-03 11:11 - 00029057 _____ C:\Users\RM-Desktop\Desktop\FRST.txt 2015-08-03 11:08 - 2015-08-04 12:31 - 00033779 _____ C:\Users\RM-Desktop\Downloads\Addition.txt 2015-08-03 11:06 - 2015-08-05 20:09 - 00016202 _____ C:\Users\RM-Desktop\Downloads\FRST.txt 2015-08-03 11:03 - 2015-08-03 11:03 - 00050477 _____ C:\Users\RM-Desktop\Downloads\Defogger(1).exe 2015-08-03 11:00 - 2015-08-05 20:09 - 00000000 ____D C:\FRST 2015-08-03 10:57 - 2015-08-03 10:59 - 01673728 _____ (Farbar) C:\Users\RM-Desktop\Downloads\FRST.exe 2015-08-03 10:53 - 2015-08-03 10:53 - 00000000 ____D C:\Windows\system32\vbox 2015-08-03 10:52 - 2015-08-03 10:52 - 00000000 ____D C:\Users\RM-Desktop\AppData\Roaming\AVAST Software 2015-08-03 10:50 - 2015-08-03 10:50 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-03 10:50 - 2015-08-03 10:50 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00043112 _____ (AVAST Software) 
C:\Windows\avastSS.scr 2015-08-03 10:50 - 2015-08-03 10:50 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-03 10:50 - 2015-08-03 10:50 - 00001833 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-08-03 10:50 - 2015-08-03 10:49 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-03 10:50 - 2015-08-03 10:49 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-03 10:46 - 2015-08-03 10:46 - 00000000 ____D C:\Program Files\AVAST Software 2015-08-03 10:36 - 2015-08-04 12:04 - 00008994 _____ C:\Windows\PFRO.log 2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 _____ C:\Windows\setuperr.log 2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 _____ C:\Windows\setupact.log 2015-08-03 10:16 - 2015-08-03 10:16 - 05499960 _____ (Avast Software s.r.o.) C:\Users\RM-Desktop\Downloads\avast_free_antivirus_setup_online.exe 2015-08-03 10:16 - 2015-08-03 10:16 - 05499960 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe 2015-07-30 11:50 - 2015-07-30 11:51 - 00143776 _____ C:\Windows\Minidump\Mini073015-01.dmp 2015-07-29 08:37 - 2015-07-30 11:50 - 154323196 _____ C:\Windows\MEMORY.DMP 2015-07-29 08:37 - 2015-07-29 08:37 - 00135392 _____ C:\Windows\Minidump\Mini072915-01.dmp 2015-07-21 09:26 - 2015-07-14 18:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-21 09:26 - 2015-07-14 16:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-20 17:40 - 2015-08-03 11:08 - 00000482 _____ C:\Users\RM-Desktop\Downloads\defogger_disable.log 2015-07-20 17:40 - 2015-07-20 17:40 - 00000000 _____ C:\Users\RM-Desktop\defogger_reenable 2015-07-20 17:39 - 2015-07-20 17:39 - 00050477 _____ C:\Users\RM-Desktop\Downloads\Defogger.exe 2015-07-15 08:55 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 08:55 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2015-07-15 08:54 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 08:54 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 08:54 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 08:48 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 08:47 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 08:47 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 08:47 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 08:47 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-07-15 08:47 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 08:47 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 08:47 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-15 08:47 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 08:30 - 2015-07-02 17:37 - 06009856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-15 08:30 - 2015-07-02 15:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-15 08:30 - 2015-06-17 07:26 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00236544 _____ (Microsoft Corporation) 
C:\Windows\system32\webcheck.dll 2015-07-15 08:30 - 2015-06-17 07:26 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-07-15 08:30 - 2015-06-17 07:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-15 08:30 - 2015-06-17 07:22 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-15 08:30 - 2015-06-17 07:21 - 00727552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-07-15 08:30 - 2015-06-17 07:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 11085312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-15 08:30 - 2015-06-17 07:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 
2015-07-15 08:30 - 2015-06-17 07:20 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 08:30 - 2015-06-17 07:19 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2015-07-15 08:30 - 2015-06-17 06:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-15 08:30 - 2015-06-17 04:58 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-15 08:30 - 2015-06-17 04:58 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-07-15 08:30 - 2015-06-17 04:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-07-15 08:02 - 2015-07-15 08:02 - 00000000 ___RD C:\Users\RM-Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Systemsteuerung 2015-07-13 09:01 - 2015-07-13 17:43 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-07-11 10:24 - 2015-07-30 11:50 - 00000000 ____D C:\Windows\Minidump ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-05 19:55 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-05 19:55 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-05 19:44 - 2013-06-24 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-05 19:29 - 2008-11-19 21:43 - 01250310 _____ C:\Windows\WindowsUpdate.log 2015-08-05 18:00 - 2006-11-02 12:33 - 01702158 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-05 17:55 - 2011-10-27 17:03 - 00002726 _____ C:\Windows\system32\GManager.ini 2015-08-05 17:55 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-04 12:40 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-04 08:37 - 2009-12-24 14:48 - 00000000 ____D C:\Users\RM-Desktop\AppData\Local\Thunderbird 2015-08-04 08:14 - 2012-07-09 11:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-03 13:34 - 2009-12-24 14:48 - 00000900 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-08-03 13:33 - 2015-05-26 08:47 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-07-21 14:08 - 2006-11-02 14:47 - 00260704 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-15 08:54 - 2013-08-18 15:14 - 00000000 ____D C:\Windows\system32\MRT 2015-07-15 08:44 - 2012-07-03 08:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-07-15 08:44 - 2012-07-03 08:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2009-08-26 08:28 - 2009-08-26 08:28 - 0000000 _____ () C:\Users\RM-Desktop\AppData\Roaming\Default.PLS 2009-01-03 10:38 - 2013-12-29 19:00 - 0006836 _____ () C:\Users\RM-Desktop\AppData\Local\d3d9caps.dat 2009-12-24 17:53 - 2013-01-03 18:51 - 0010240 _____ () 
C:\Users\RM-Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-23 17:52 - 2009-12-23 17:52 - 0000098 _____ () C:\Users\RM-Desktop\AppData\Local\fusioncache.dat
2008-11-28 19:11 - 2010-05-04 10:19 - 0001914 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\RM-Desktop\AppData\Local\Temp\avgnt.exe
C:\Users\RM-Desktop\AppData\Local\Temp\Quarantine.exe
C:\Users\RM-Desktop\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-05 18:03

==================== Ende vom log ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
durchgeführt von RM-Desktop (2015-08-05 20:11:30)
Gestartet von C:\Users\RM-Desktop\Downloads
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1429313419-2184147580-785989940-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1429313419-2184147580-785989940-1003 - Limited - Enabled)
Gast (S-1-5-21-1429313419-2184147580-785989940-501 - Limited - Disabled)
RM-Desktop (S-1-5-21-1429313419-2184147580-785989940-1001 - Administrator - Enabled) => C:\Users\RM-Desktop

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AudibleManager (HKLM\...\AudibleManager) (Version: -2.2002344839.2002344277.4528520 - Audible, Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software) AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden ccc-core-static (Version: 2008.0731.2322.39992 - Ihr Firmenname) Hidden Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation) Creative Systeminformationen (HKLM\...\SysInfo) (Version: - ) Creative ZEN (HKLM\...\{D24DDB61-8868-46CF-BC36-BECC1674F0C1}) (Version: 1.0 - ) CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden CyberLink TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 1.5.5403 - CyberLink Corp.) 
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DJ_AIO_03_F4200_Software (Version: 110.0.223.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4200_Software_Min (Version: 110.0.223.000 - Hewlett-Packard) Hidden DJ_AIO_03_F4220_ProductContext (Version: 110.0.223.000 - Hewlett-Packard) Hidden eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden F4200 (Version: 110.0.223.000 - Ihr Firmenname) Hidden F4220_Help (Version: 110.0.223.000 - Hewlett-Packard) Hidden GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP) HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP) HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP) HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 110.0.180.000 - Hewlett-Packard) Hidden Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden MakeDisc (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.0.2601 - CyberLink Corp.) 
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MarketResearch (Version: 110.0.180.000 - Hewlett-Packard) Hidden MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - ) Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30716.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Mozilla Thunderbird 38.0.1 (x86 de) (HKLM\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) MSVCSetup (Version: 1.00.0000 - HP) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Need for Speed™ Undercover (HKLM\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts) Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation) PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.2.2504 - CyberLink Corp.) 
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.) Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP) Skins (Version: 2008.0731.2322.39992 - ATI) Hidden SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden USB Display Device (Trigger 1+) 11.03.0315.0159 (HKLM\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 11.03.0315.0159 - MCT Corp.) VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden Windows Live Fotogalerie (HKLM\...\{A1D08B90-AE1A-4885-AC29-731496FD397E}) (Version: 12.0.1347.0718 - Microsoft Corporation) Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation) Windows Live Mail (HKLM\...\{82F2B38B-1426-443D-874C-AC25675E7BEB}) (Version: 12.0.1606.1023 - Microsoft Corporation) Windows Live Messenger (HKLM\...\{2B091530-69AA-442E-AB09-39ED06B58220}) (Version: 8.5.1302.1018 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM\...\{0ED47137-C071-46CC-A243-E5E33271E10E}) (Version: 5.000.742.2 - Microsoft Corporation) Windows Live Writer (HKLM\...\{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}) (Version: 12.0.1370.0325 - Microsoft Corporation) Windows Vista Demo Screen Saver (HKLM\...\{8A5323B7-45CB-48AB-B7E3-1C22BA63DA4C}) (Version: 1.1.1 - Ventuz Technology) X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - ) ZENcast Organizer (HKLM\...\ZENcast Organizer) (Version: - ) ==================== Benutzerdefinierte CLSID 
(Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) CustomCLSID: HKU\S-1-5-21-1429313419-2184147580-785989940-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP) ==================== Wiederherstellungspunkte ========================= 21-07-2015 09:26:05 Windows Update 27-07-2015 18:39:07 Windows Update 03-08-2015 10:16:28 Windows Update 03-08-2015 10:32:50 avast! antivirus system restore point 03-08-2015 10:40:12 avast! antivirus system restore point 03-08-2015 10:45:51 avast! antivirus system restore point 04-08-2015 12:12:00 JRT Pre-Junkware Removal ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {97A3FCCE-E4DE-4A99-B75F-820C77DBC7F1} - \GlaryInitialize No Task File <==== ACHTUNG Task: {BA26A5D2-B1BF-43B3-99B3-5F27BFED6C1C} - System32\Tasks\{B8872F67-75B8-4E7A-85A3-183A467C48E5} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {C0D44455-D752-41A8-9239-83A838BD7036} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-03] (AVAST Software) Task: {F49D86EA-3238-4ED1-B514-051FBF41C6A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-03 10:50 - 2015-08-03 10:50 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-03 10:49 - 2015-08-03 10:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-04 08:21 - 2015-08-04 08:21 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080301\algo.dll 2015-08-05 17:57 - 2015-08-05 17:57 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080501\algo.dll 2011-10-27 17:02 - 2010-11-13 16:39 - 00210296 _____ () C:\Windows\system32\GManager.exe 2008-11-22 22:04 - 2008-11-22 22:04 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe 2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe 2008-08-28 14:55 - 2008-06-03 18:38 - 00237638 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2008-09-24 07:58 - 2008-06-03 18:36 - 00360538 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe 2008-09-24 07:58 - 2008-06-03 18:36 - 00094208 _____ () C:\Program Files\HomeCinema\TV 
Enhance\Kernel\TV\CLSchRecordMonitor.dll 2008-09-24 07:58 - 2008-06-03 18:37 - 00274527 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll 2008-09-24 07:58 - 2008-06-03 18:37 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll 2011-10-27 18:05 - 2011-03-02 15:21 - 00192512 _____ () C:\Windows\system32\U2VSvr.exe 2008-09-24 07:58 - 2008-06-03 18:36 - 00131160 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe 2008-09-24 07:58 - 2008-06-03 18:37 - 00118873 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll 2008-09-24 07:58 - 2008-06-03 18:36 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll 2008-08-01 06:47 - 2008-08-01 06:47 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2007-10-30 19:52 - 2007-10-30 19:52 - 00016200 _____ () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 2008-08-28 12:48 - 2008-08-28 12:48 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2015-08-03 10:50 - 2015-08-03 10:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\RM-Desktop\Documents\Sozialversicherungsausweis.pdf.eml:OECustomProperty ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1429313419-2184147580-785989940-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: D-Link AirPlus G => C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: TVEService => "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{42BFCE11-A8B6-4689-8AAA-6016CA08E3E5}] => (Allow) C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe FirewallRules: [{DFB7CCFC-C189-47B0-8B2F-31635A18C916}] => (Allow) C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE FirewallRules: [{BBA4DC03-110E-4251-B3DA-596080E7EF6A}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe FirewallRules: [{2E16633E-7179-4F17-BC9B-A9BEC94D277E}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe FirewallRules: [{D8C3F17C-B4EA-4309-9662-087779809D75}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{73C16474-5A17-4416-9170-70025A0E4C15}] => (Allow) svchost.exe FirewallRules: [{9FBFC665-A6BB-473C-99C4-495751F22B4F}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe FirewallRules: [{7B67B081-3D9A-4D9D-ADB4-FFE856C0736B}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{EAD0E17E-5CF9-4DBF-85DA-52B0843AC137}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{629FAC1C-F414-4A03-AED0-E3A40242396E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{FA756A3E-3FFE-4703-8F77-C767335E15DD}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{6F183544-C84D-4549-B937-A628E94ED9FA}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: 
[{78CFAFF3-8E18-48DD-8496-6572274D255A}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: [{619F2D15-2E97-4247-B9BF-151C42E95D12}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{6F6C486A-85C5-45B5-9CFF-2C99E6464152}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{51183281-88BF-4565-91EF-1942D5DA955E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{E7B104D7-2660-4110-BF0C-249A6A0DBDED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A7318A23-B825-4263-86AB-08ACD295AB90}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{99A55A5A-E195-418B-A6A9-17E66A3722F5}] => (Allow) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe FirewallRules: [{ADEEEE90-AC4A-4B98-B4EF-EADEBE2971B2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{2CFE7CEA-B96C-4A45-AC78-D4F4A7DF8830}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{BFCFC905-8D73-41DF-A47B-8C5F11DD0581}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{3B00BB65-A5BB-4D9D-8B89-B2A19CB81C69}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{7673E5C5-E514-4000-836A-6A60EFCCEA42}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [TCP Query User{3B58FA1F-0BD7-45E1-AB8D-1B9D7F887612}C:\program files\anno 1701\anno1701.exe] => (Allow) C:\program files\anno 1701\anno1701.exe FirewallRules: [UDP Query User{46B29BA0-674A-42EA-8613-1DF1F03783F6}C:\program files\anno 1701\anno1701.exe] => (Allow) C:\program files\anno 1701\anno1701.exe FirewallRules: [{2C4C7D04-D3ED-4B68-9D9D-F6D6837E8FD8}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{6EBC2069-1851-4634-AE43-355ED3DC4C90}] => (Allow) C:\Program 
Files\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2D4DF306-9962-4CF9-B4E5-2CB472A89AD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{99B0F2FC-1795-485C-9658-17B2E77329C4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe FirewallRules: [{D21464BA-8CB5-4DAF-AAE6-7ED3CFA7E28A}] => (Allow) LPort=80 FirewallRules: [{CF15F0E4-C8E6-4666-A43D-DD7FFFD36084}] => (Allow) LPort=80 FirewallRules: [{73640FA0-E48E-4B27-A147-78FB4E83621C}] => (Allow) LPort=80 FirewallRules: [TCP Query User{199B42BD-275F-4552-9B61-4B38DAB73BAE}C:\program files\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files\microsoft games\age of empires ii\empires2.icd FirewallRules: [UDP Query User{D1A395E8-FB2D-4A18-BFC5-5F3005A73548}C:\program files\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files\microsoft games\age of empires ii\empires2.icd FirewallRules: [TCP Query User{6E47C2AB-2941-4AD8-9828-06B302FA002A}C:\program files\anno 1701\anno1701.exe] => (Block) C:\program files\anno 1701\anno1701.exe FirewallRules: [UDP Query User{A14A63AD-3EDF-4437-BEC6-7E15304BF2FA}C:\program files\anno 1701\anno1701.exe] => (Block) C:\program files\anno 1701\anno1701.exe FirewallRules: [{BC354DE2-C396-4607-9D43-A57393A4AE37}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{089D1832-B079-4EE9-ABEF-7EA05C6652D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{B507B4DD-7915-40B1-AB63-DC96D6CDDCFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7407C812-6832-42C3-9DB5-F463BA31714C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3A0D60DB-401A-428F-B9B8-BAB68FC09589}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{6CA8D421-EEC8-4FE2-B290-C9A532583888}] => (Allow) 
C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{21673BA6-B858-482D-A3A7-D680E9AFC503}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/05/2015 05:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 12:39:18 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (08/04/2015 12:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 11:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 08:43:24 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/04/2015 08:16:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 01:29:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 11:32:59 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/03/2015 10:45:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {015fda51-8ba5-4811-af9c-384f4960e711} Error: (08/03/2015 10:44:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (08/05/2015 05:56:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (08/05/2015 05:56:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (08/04/2015 12:13:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Softwarelizenzierung11200001Neustart des Diensts Error: (08/04/2015 12:13:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Modules Installer11200001Neustart des Diensts Error: (08/04/2015 12:13:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts Error: (08/04/2015 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: TVEnhance Task Scheduler (TTS))1 Error: (08/04/2015 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: X10 Device Network Service1 Error: (08/04/2015 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: U2VSvr1 Error: (08/04/2015 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: TVEnhance Background Capture Service (TBCS)1 Error: (08/04/2015 12:13:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Cyberlink RichVideo Service(CRVS)1 Microsoft Office: ========================= Error: (08/05/2015 05:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 12:39:18 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\MCT Corp\UVTP100\Driver\DPInst64.exe Error: (08/04/2015 12:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 11:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/04/2015 08:43:24 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/04/2015 08:16:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 01:29:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/03/2015 11:32:59 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/03/2015 10:45:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: 
{e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {015fda51-8ba5-4811-af9c-384f4960e711} Error: (08/03/2015 10:44:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity: =================================== Date: 2015-08-05 20:11:25.449 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:11:24.326 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:11:23.203 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:11:22.095 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:11:20.754 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:11:19.646 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-08-05 20:11:18.507 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:11:17.369 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:10:55.669 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-05 20:10:54.468 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz Percentage of memory in use: 72% Total physical RAM: 2046.58 MB Available physical RAM: 559.45 MB Total Virtual: 4340.39 MB Available Virtual: 2891.77 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:218.24 GB) (Free:166.63 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (RECOVER) (Fixed) (Total:14.63 GB) (Free:3.32 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 2BAB359D) Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended) ==================== Ende vom log ============================ |
06.08.2015, 06:04 | #8 |
/// the machine /// TB-Ausbilder | Windows Vista very slow, sometimes no longer boots at all
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Task: {97A3FCCE-E4DE-4A99-B75F-820C77DBC7F1} - \GlaryInitialize No Task File <==== ACHTUNG
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version only: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can specify, on a whitelist basis, on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, uninstalling it first and then removing the leftovers with Adwcleaner is recommended.

Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.08.2015, 09:55 | #9 |
| Windows Vista very slow, sometimes no longer boots at all Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
durchgeführt von RM-Desktop (2015-08-06 10:41:52) Run:2
Gestartet von C:\Users\RM-Desktop\Downloads
Geladene Profile: RM-Desktop (Verfügbare Profile: RM-Desktop)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Task: {97A3FCCE-E4DE-4A99-B75F-820C77DBC7F1} - \GlaryInitialize No Task File <==== ACHTUNG
Emptytemp:
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97A3FCCE-E4DE-4A99-B75F-820C77DBC7F1} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize => Schlüssel nicht gefunden.
EmptyTemp: => 362.5 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende vom Fixlog 10:42:58 ====
Code:
# DelFix v1.010 - Datei am 06/08/2015 um 10:52:07 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : RM-Desktop - RM-DESKTOP-PC
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\RM-Desktop\Desktop\mbar
Gelöscht : C:\TDSSKiller.3.1.0.5_03.08.2015_13.10.27_log.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\Addition.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\Addition2.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\Addition3.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\RM-Desktop\Desktop\FRST.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\FRST2.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\FRST3.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\JRT.txt
Gelöscht : C:\Users\RM-Desktop\Desktop\TDSSKILLER.txt
Gelöscht : C:\Users\RM-Desktop\Downloads\Addition.txt
Gelöscht : C:\Users\RM-Desktop\Downloads\AdwCleaner_4.208.exe
Gelöscht : C:\Users\RM-Desktop\Downloads\Defogger(1).exe
Gelöscht : C:\Users\RM-Desktop\Downloads\Defogger.exe
Gelöscht : C:\Users\RM-Desktop\Downloads\defogger_disable.log
Gelöscht : C:\Users\RM-Desktop\Downloads\defogger_enable.log
Gelöscht : C:\Users\RM-Desktop\Downloads\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\RM-Desktop\Downloads\Fixlog.txt
Gelöscht : C:\Users\RM-Desktop\Downloads\FRST.exe
Gelöscht : C:\Users\RM-Desktop\Downloads\FRST.txt
Gelöscht : C:\Users\RM-Desktop\Downloads\JRT.exe
Gelöscht : C:\Users\RM-Desktop\Downloads\SecurityCheck.exe
Gelöscht : C:\Users\RM-Desktop\Downloads\tdsskiller.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #724 [Windows Update | 07/21/2015 07:26:05]
Gelöscht : RP #725 [Windows Update | 07/27/2015 16:39:07]
Gelöscht : RP #726 [Windows Update | 08/03/2015 08:16:28]
Gelöscht : RP #728 [avast! antivirus system restore point | 08/03/2015 08:32:50]
Gelöscht : RP #730 [avast! antivirus system restore point | 08/03/2015 08:40:12]
Gelöscht : RP #732 [avast! antivirus system restore point | 08/03/2015 08:45:51]
Gelöscht : RP #733 [JRT Pre-Junkware Removal | 08/04/2015 10:12:00]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ########## |
07.08.2015, 08:14 | #10 |
/// the machine /// TB-Ausbilder | Windows Vista very slow, sometimes no longer boots at all
done
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |